Public key infrastructure: An upcoming essential in medical device cybersecurity

March 17, 2023
By Steeve Huin

It is a well-known fact that healthcare is a lucrative target for cybercriminals. It is more susceptible to disruption because most healthcare devices were not connected to the internet until quite recently, so their developers have not made the same security investments that other industries were required to make. It is also due to the large amount of sensitive data that healthcare entities maintain for patient care and operations.

Since the beginning of the pandemic, Health Delivery Organizations (HDOs) have become even more attractive, profit-wise, as targets for cybercriminals. This is primarily because healthcare providers cannot, under any circumstances, paralyze their operations. Many HDOs focus on modernizing their equipment but rely on legacy medical devices where patching and security models are outdated.

The FBI issued a report earlier in 2022 offering recommendations to address several cybersecurity vulnerabilities in active medical devices, specifically those stemming from outdated software and the lack of security features in legacy devices. In the worst-case scenario, exploitation of these vulnerabilities could impact healthcare facility operations, patient safety, data confidentiality and data integrity.

The medical field is under pressure

In the case of ransomware attacks, for example, the payment of a considerable amount is almost inevitable. It is worth noting that an individual's personally identifiable information (social security, driver's license, medical records, etc.) is valued up to ten times higher on the dark web than a single piece of information obtained through a common data breach.

These cyberattacks against medical institutions are more devastating than we think. For example, in 2020, a significant incident occurred in Germany where an unidentified woman was turned away from Düsseldorf University Hospital because a ransomware attack hampered its operating ability. The woman was rushed to a hospital about 20 miles away, resulting in a one-hour treatment delay with fatal consequences.

Similarly, in 2019, insulin pumps from a leading Medical Device Manufacturer (MDM) were urgently recalled. They contained a cybersecurity vulnerability that, if exploited, could have granted unauthorized access to control the pumps. Threat actors could also have used this vulnerability as a springboard to penetrate deeper into an HDO's communications network.

John Voorhees

PKI Necessity

April 13, 2023 10:30

I couldn't agree more with your assessment and strategy. Having been in the MDI space for over 20 years, I dare say that when it seems logical to include this technology in the R and D cycle, it is quickly demoted or sidelined for fiscal reasons. Risk assessments have yet to take into account the real world damage that could occur. They just don't know enough to evaluate it.

The good news is that from an innovation space, it has become a topline issue. It's just going to take a while for it to catch up to current design space processes. Keep talking, someone will pay attention.

Best,
JDV
