
Medical Device Cybersecurity: What Next in 2022?

 

A survey report on medical device cybersecurity was published by Cybellum, along with trends and predictions for 2022. It's worth noting that medical device cybersecurity has become a very challenging task. 

With medical devices increasingly becoming software-driven machines and the rapid pace at which cybersecurity risk emerges as a result of new vulnerabilities, complex supply chains, new suppliers, and new product lines, keeping the entire product portfolio secure and compliant at all times appears to be impossible. Learning from peers and attempting to identify the best path forward is now more crucial than ever. 

In this poll, security experts from hundreds of medical device manufacturers were asked what their biggest challenges are and how they plan to tackle them in 2022 and beyond. The following are some of the intriguing findings from the survey about medical device manufacturers' security readiness: 
  • The top security difficulty for respondents is managing an expanding number of tools and technologies, which is partially explained by a lack of high-level ownership. 
  • Seventy-five percent of respondents said they don't have a dedicated senior manager in charge of device security. 
  • Almost 90% of respondents acknowledged that companies need to improve in critical areas including SBOM analysis and compliance readiness. 
  • In 2022, nearly half of companies increased their cybersecurity spending by more than 25%. 
  • More than 55% of medical device makers do not have a dedicated response team (PSIRT). 
David Leichner, CMO at Cybellum said, “We embarked on this survey to gain a more comprehensive understanding of the main challenges facing product security teams at medical device manufacturers, as part of our effort to help to better secure the devices. Some of our findings were quite surprising and highlight serious gaps that exist both in processes for securing medical devices and in regulation compliance.”

40M+ People had Health Information Leaked in 2021

 

This year, data breaches compromised the personal health data of almost 40 million people in the United States, a substantial increase from 2020 and a continuation of a pattern towards more and more health data hacks and leaks. 

Any health data breaches affecting 500 or more persons must be reported to the Office for Civil Rights at the Department of Health and Human Services, which makes the breaches public. As per the office's database, 578 breaches have been reported so far this year. Although this is less than the 599 breaches disclosed in 2020, the breaches last year only impacted approximately 26 million people. 

According to a survey from security firm Bitglass, hacking or other IT incidents have been the primary cause of people's health records being exposed since 2015. Before that, the majority of data breaches were caused by lost or stolen devices. 

The transition occurred in line with the federal rules in the United States requiring healthcare companies to adopt electronic medical records, as well as a broader shift toward digital instruments in healthcare, such as internet-connected monitoring. On the black market, medical records are valuable because they contain information that is more difficult to alter than a credit card and can be used to file false medical claims or acquire medications. 

Patients may be harmed in several ways as a result of these breaches: their personal information may be revealed, and they may be forced to cope with the financial consequences of having their medical identity stolen. 

Hacking and attacks on healthcare institutions that shut down hospital computer systems might make it more difficult for hospitals to provide high-quality care, which can be hazardous to patients. According to research, more people die in hospitals as a result of data breaches, even if the incident does not result in a computer system shutdown. 

Although the risk of cyberattacks is increasing, many healthcare companies have not prioritised cybersecurity investment. A cyberattack on the Florida Healthy Kids Corporation health plan, for instance, resulted in the exposure of 3.5 million people's personal data in 2021. 

According to Health News Florida, an investigation conducted following the hack revealed that the plan's website had "significant vulnerabilities." However, experts suggest that the increase in attacks in 2020 and 2021, notably in ransomware attacks, is driving companies to take the threat more seriously.

National Health Service England to set up Artificial Intelligence lab





The National Health Service England is planning to set up a national artificial intelligence laboratory to enhance medical care and research.

The Health Secretary, Matt Hancock, said AI has 'enormous power' to improve health care and save lives.

The health service has announced £250m for setting up a research lab to boost AI within the health sector.

However, AI will pose new challenges in protecting patient data.

Many AI tools have proven to be game-changers, helping doctors spot lung cancer, skin cancer, and more than 50 eye conditions from scans.

Meanwhile, some tools are yet to be used routinely across the NHS.

"The power of artificial intelligence to improve medicine, to save lives, to improve the way treatments are done, that power is enormous," Mr. Hancock told BBC News.

"In this country, we've got the opportunity to be one of the leading countries in the world at using this new technology."


Medical Devices Now Vulnerable To Cyber Attacks




There is no denying that advances in technology have brought many changes, acknowledged by millions of people around the world, that have made their daily lives simpler and more comfortable.
One such essential change is in the medical field: medical devices of all kinds now have network connectivity that greatly increases their effectiveness and usefulness, making it significantly easier for patients to be monitored.

However, with cyberattacks on the rise, many of these attacks may feel like life-and-death situations. With so many crucial medical devices requiring network connectivity, some of them may actually be targets of lethal attacks. 

Denial-of-service attacks and hacking are two of the most serious dangers facing the medical device industry and the patients that these advanced medical devices are intended to protect.

The dangers associated with medical devices are well illustrated by the case of implantable cardioverter defibrillators, or ICDs, which are implanted to keep a person's heart rate under control and to deliver a life-saving shock in patients who are at high risk of heart failure. ICDs are potentially vulnerable to a type of attack that is closely related to DDoS attacks; however, rather than using a network of Internet-connected devices to overwhelm a target, an attack on an ICD would require only one internet connection.

Another vulnerability is that of insulin overload. In October 2016, the makers of an insulin pump took the novel step of informing users of a potential security weakness. After receiving information about the vulnerability, Johnson and Johnson and Animas warned users that an attacker, even a remote one, could possibly trigger insulin injections by spoofing the meter remotely, with the risk of eventually causing a hypoglycaemic reaction, which could be a serious health hazard for a diabetic patient.

Medical imaging devices are likewise at risk of cyber interference of the sort that could cause a patient serious harm. Researchers at the Ben-Gurion University of the Negev in Israel found that attackers could increase the level of radiation emitted during a scan to the point that it could cause illness, injury or possibly even radiation overdose to a patient.

Nevertheless, the message with regard to medical devices is the same as for any device with network or internet connectivity: security should be organized and prioritized better. Device makers should focus on creating devices that perform the tasks they were intended to perform.

This is reasonable; however, given the intrinsic vulnerabilities of these devices and the dangerous denial-of-service attacks and hacks they make possible, security should be the primary need of the hour.