By
John R. Fischer, Senior Reporter | May 05, 2023
Recently, the FDA said that manufacturers of any device using software and connected to the internet must continue to update and patch their solutions, including by issuing a software bill of materials and creating a plan for identifying and addressing "postmarket cybersecurity vulnerabilities."
This will require manufacturers to work more closely with clinicians, hospital IT teams and executives. Breaking down silos between biomedical engineering and cybersecurity teams also provides insights on the impact these vulnerabilities can have on care, according to Waqas, who says that bringing together both teams to form solutions has been proven to reduce these risks.
"At the industry level, we need to improve visibility when manufacturing, procuring, and operationalizing these devices. At the organizational level, creating a comprehensive asset inventory is a critical step of any cybersecurity program framework, such as the NIST cybersecurity framework, or special publications such as 800-66 for medical and IoMT devices," he said.
According to cybersecurity firm Sophos' "The State of Ransomware in Healthcare 2022" report, 66% of ransomware attacks were directed at healthcare systems and hospitals in 2021, with providers needing an average of one week and $1.85 million to recover.
As IoT and IoMT devices increase in number and uses, Waqas says the attack surface and the opportunities for breaches are also growing, and will continue to grow unless providers make an effort to understand and address the problems that keep them from addressing the vulnerabilities of their medical devices and mitigating the risks they pose to patients and critical care services.