by Sean Ruck, Contributing Editor | October 02, 2018
From the October 2018 issue of HealthCare Business News magazine
There’s been a constant hum of news about cybersecurity in recent years. That hum became more of a roar around late 2016, when hacks of campaign emails became front-page news during the presidential election.
But in healthcare, the constant balancing act of keeping legacy systems safe and fending off attacks that continue to increase in sophistication keeps professionals like Michael McNeil busy.
McNeil was a member of the Healthcare Industry Cybersecurity Task Force, a government-sponsored group that was instrumental in the creation of the Cybersecurity Act of 2015. He is also the global product security and services officer for Royal Philips, and has held the position for almost five years. He and his team are responsible for deploying and installing security by design for any customer-facing offerings the company has in the marketplace. Philips operates under a global product security policy which directs its design methodology and its risk assessment and incident response activities. “As we identify threats and vulnerabilities, we put the process into place to make sure they’re managed appropriately. So I have a team that has that responsibility globally across Philips,” he said.
Using that information, McNeil’s team works on configuration tweaks and re-engineering efforts to improve the ability to withstand outside threats. The information also shapes the security design requirements for products in the pipeline to ensure they’re integrated into a secure suite of products and services.
While there have been a number of high-profile attacks on the healthcare sector recently – like the WannaCry ransomware attack last year that hit hospitals in the U.K. particularly hard – McNeil said that in order to understand events like that, it’s important to take a step back to look at the landscape of the healthcare industry and marketplace. “That particular landscape allows us to know where we stand in regard to other industries. So for example, the healthcare industry, with how it’s designed to maintain solutions in the marketplace, has clearly been a laggard compared to the financial services industry, even though healthcare is considered by most countries to be a critical infrastructure,” he explained.
McNeil said healthcare has the tendency to maintain and elongate the life cycle of the technology the sector uses. That wasn’t necessarily a problem for some solutions when the technology was introduced 15 or 20 years ago because they may have been operating in a contained environment. It wasn’t until connectivity and the need for connectivity increased that the vulnerabilities in those systems became obvious. “What a number of organizations from manufacturers to health delivery organizations have tried to do is to bolt on protocols and abilities to make that communication and connectivity of solutions much more ubiquitous,” McNeil said.