Although the approach to securing medical devices has generally differed from the approach to information security and traditional IT, a new report from the Healthcare and Public Health Sector Coordinating Council (HSCC) says it is time to tackle both together.
Matthew Broomhall, CTO of technology support services for healthcare, said: “Since data is the coin of the realm in healthcare, this phenomenon has been embraced by makers of medical equipment and has spurred innovation in a great many cases.
“If you contrast this to information technology as we understand it today, IT has had years to implement programs to protect IT assets and data.”
One of the major hurdles, however, is that the executives and board members who make the decisions in this area are often not cybersecurity experts. Despite having witnessed the cybersecurity crises of WannaCry and NotPetya, CEOs and CFOs continue to underinvest in cybersecurity. As a result, there is an urgent need for CIOs to adequately explain the dangers to information security.
Medical devices also present a unique situation: with insufficient resources and a lack of knowledge of how to integrate cybersecurity, organisations are currently struggling.
The report, titled “The Medical Device and Health IT Joint Security Plan (JSP)”, was issued in June 2017 as a result of a recommendation from the Health Care Industry Cybersecurity Task Force, which called for a cross-sector strategy to strengthen cybersecurity in medical devices.
According to the report: “Software-based medical technologies have the potential to positively impact patient care.
“However, as these products become more connected, product cybersecurity becomes increasingly important as there is the potential for patient harm and disruption of care if products or clinical operations become impacted because of a cybersecurity concern.”
Cybersecurity is a shared responsibility, and all relevant parties must contribute to development, deployment and support. At the end of the day, medical devices store a significant amount of private information, and it is in the interests of the patient that this information is kept safe and secure.
CIOs and CISOs need to escalate processes and protocols to ensure that medical devices, as well as the data those devices produce, are protected. Patient safety is of the utmost importance, and changes need to be made to ensure steps are taken in the right direction.
The HSCC is made up of more than 60 representatives from the Food and Drug Administration, the medical technology and health IT industries, and healthcare provider organisations.
See the original article here: Cybersecuritynews.co.uk