New technologies and startups are looking to give medical devices a much needed cybersecurity boost.
The cybersecurity risks to the healthcare industry are increasing, due in part to the rapidly growing number of connected medical devices.
The risk of hackers exploiting medical devices to disrupt healthcare operations was listed as the top concern for 2019 in an ECRI report on health technology hazards.
Hackers can leverage compromised devices to obstruct functions critical to patient health, hinder hospital operations, or steal sensitive information. Ways in which attackers can extract value from these actions include ransoms and selling stolen data.
Examples of healthcare cyber threats include the 2017 WannaCry ransomware attack, which caused the UK’s National Health Service to cancel over 6,900 appointments, and a 2018 warning from the U.S. Food and Drug Administration (FDA) about vulnerabilities in Medtronic implantable cardiac devices which allowed functionality to be remotely manipulated.
The future of securing medical devices is largely being determined by innovations in three sectors: device-level protection, network security, and active cyber defense.
This brief examines the emerging technologies and startups helping to hinder data breaches and mitigate adverse effects to patients’ health from compromised medical devices.
- Device-level protection
- Designing secure devices is becoming a priority
- Software supply chain security could limit embedded vulnerabilities
- Network security
- Micro-segmentation can hinder the spread of malicious code
- Behavioral modeling identifies abnormal network activity
- Remote access monitoring targets unauthorized users
- Active cyber defense
- Threat hunting protects against predictable risks
- Deception security uses decoys to contain cyber attacks
- Collaborating with white-hat hackers could efficiently improve cyber defenses