FINAL WORD
Medical systems are unsecured
Most medical establishments rely almost entirely on technology not only to store and process sensitive information but also to monitor and keep patients alive. Over the past few months we have seen global ransomware attacks on hospitals. While hospitals sometimes can be critically under-resourced when it comes to keeping information safe, a particular challenge is ensuring cybersecurity, which goes well beyond their area of expertise into the medical device space.
In hospitals there are often two technology centers. The first is the traditional one managing servers, laptops, smartphones, tablets, and hospital information systems, where patient data is collected, processed and re-distributed to offer a better standard of care. The second center is known as clinical engineering, where technicians ensure medical devices, from small wearable sensors to large imaging ones, are working accurately.
For decades both have co-existed separately and, since clinical engineering never communicated with IT, there was no need for coordination. An x-ray technician took the image of a patient, and walked them over to the nurse's station where the x-ray plates were placed into the patient's file for the doctor to review.
Today, the doctor requests an x-ray through the hospital information system application, and the request is automatically scheduled based on availability. The patient data is loaded into the connected x-ray machine where the images are taken, and once again automatically updated into the hospital information system and communicated in near real-time to the requesting physician for follow up.
Nader Henein is Strategic Security and Privacy Leader at BlackBerry
This all sounds like good progress; the faster the diagnosis is reached, the faster the healing can begin. But medical devices were never built to protect information, just to capture and disseminate it. And now these devices are online, a part of the connected landscape, and quite often unsecured, potentially putting lives at risk.
Malicious attackers are gaining access to hospital networks through medical devices and, because IT and clinical engineering continue to work separately, patient data is at increasing risk. Unfortunately, loss of sensitive health records is just the tip of the iceberg.
What if an attacker chose to suppress the signal from a patient's heart monitor, shielding a heart attack from attending nurses? What if an attacker caused all heart monitors to report that every connected patient was suffering a heart attack?
With the reliance on medical devices and the underlying technological advantages they offer comes the responsibility to properly secure those devices and build them as part of the larger IT network within hospitals and clinics. It is important for medical establishments to ensure that clinical engineering and IT are one network, with each node secure in its own right.
Hospital administrators need to prioritise data security requirements during the RFP stage. Best practices need to be put in place, such as ensuring that medical devices are properly managed, patched and wiped of patient data before they are sent for maintenance or disposed of. It is also vital to ensure that patient data is properly secured without any interference in patient care. Planning for security is a constant in a world where risks are dynamic. Mitigating risk involves a comprehensive approach encompassing all aspects, whether it is driving innovation in technology, investing in human capital, training on policies and regulations, planning for operations and budgeting, or building the right organisational culture.
Security concerns are no longer a hindrance to the development of any industry. On the contrary, security is the ultimate catalyst in the same way that engineering allows automotive engineers to build faster and more maneuverable cars. Security and safety are not orthogonal; they are very closely related, and without security, a system will never be safe.