Medical devices are clearly necessary. They make the difference between life and death in the most severe cases, and even in more minor examples, they will be doing the job of monitoring the patients’ health and potentially administering medication.
Yet there is a big problem with medical devices: they can be vulnerable to cyber-attacks due to their software and network capabilities. This means that anyone using such a device could be subject to compromise in terms of fraud, theft, and identity attacks. These problems might even cause the devices to work incorrectly, putting patients’ lives at risk.
Three specific areas are particularly susceptible to these attacks. The first relates to updates. Security updates, virus protection, and patches have to be assessed and confirmed as safe before they can be used on the medical device. The supplier must do this and must confirm to the purchaser that it has been done. The problem is that the time between making these assessments and the device being used (or a new update being delivered) can be many months, during which time hackers may have been able to gain access.
Another issue is with the updates themselves. As soon as any security updates are released for these important medical devices, cybercriminals will immediately start to analyse them to discover – and exploit – their vulnerabilities.
Because these updates also make any exploitation of the device more challenging to detect, compromised medical devices can even be used unwittingly, on the assumption that they are safe and have been checked.
It is evident, therefore, that the security issues surrounding medical devices are serious ones.
More Sophisticated Devices
As time goes on, the software used within these medical devices is becoming more and more sophisticated. This might initially sound like the best thing that can happen since it will surely make it harder for cybercriminals to attack.
The truth is far different.
The truth is that the more sophisticated the technology, the more likely it is that cybercriminals will understand how to crack it. The repercussions of these attacks, when hackers are able to get into the medical devices and steal information or change settings, can be catastrophic.
Add to this the fact that the more complicated the devices and their associated software, the harder they are for healthcare professionals and patients to understand and control. The last thing that is needed is for the medical devices to be unusable, especially as they are a large investment.
Being unable to keep patients safe from cyber-attacks through their medical devices could result in fines due to GDPR being breached. Along with that, it has a negative impact on the healthcare provider’s reputation and brings a loss of business and massive financial losses too.
The NHS has a stake in ensuring that all medical devices are, as far as possible, safe and secure, especially with regard to cyber-attacks and data breaches. One of the NHS’s main pieces of advice is to create a mitigation plan to reduce the likelihood of the devices being compromised and reduce the impact if they are compromised. This mitigation plan includes limiting the ability of medical devices to have access to removable media and untrustworthy services (including email and web browsers), limiting remote access (which will also modify the way the device can be used), removing any unnecessary services, and ensuring that only those who require access to the medical devices have it. Everyone else has restricted access or no access at all.
This is a big task, particularly for those who may not be up to date with cyber-security protocols. Engage JVR Consultancy to assist you with any medical devices you might need to carry out assessments on. This will negate the need for such a plan; our work is enough to keep all medical devices secure.
How Can JVR Consultancy Help?
If you are concerned about the safety and security of medical devices and you need assistance, do not hesitate to contact the experts at JVR Consultancy for advice. We are able to offer the best in specialist consultancy information for any medical device of any age.
- Supplier management (ensuring that the correct compliance and checks are carried out before you even receive the device)
- Device tracking to keep tabs on any errors and potential threats
- Complete protection against cyberattacks
- Asset management
- Regulation disposal of the devices, audited for your records
- A full GDPR audit and assessment