This discussion is locked.
You cannot post a reply to this discussion. If you have a question start a new discussion

The time to address medical device cybersecurity is now

Medical devices represent a ripe target for cyber attacks. Organisations need to take action to protect devices from these threats.
  • I've naively assumed that privacy, data security as well as cyber security are currently considered, analysed, designed and build into medical devices as a matter of  their systems engineering...
  • Former Community Member
    0 Former Community Member
    Abimbola,


    Naive assumption indeed.


    The next generation of medical devices for domiciliary or ambulatory monitoring  will be Internet of Things sensors, linked to a data aggregator (maybe a smart phone), sending data to the cloud, downloaded to the "secure" NHS WAN (in the UK), merged with other data from that patient, and delivered to the physician's desk, then a report is sent back via the cloud again to the GP or the patient.  Trace the number of steps along that way, each of which has to be secure.  Each of which has its own demands and protocols.  Many of which are totally outside the control of the manufacturer of the devices.


    Then add this comment from a president of a cybersercurity firm "All government agencies around the world insist that we supply security systems with a backdoor..."


    And you see the scale of the problem!


    Frank.
  • Former Community Member
    0 Former Community Member
    This is indeed amazingly naive. Security should never address a device alone but has to address the system it is part of. The size of the supply chain for medical devices, and the huge variety of medical/health use cases does mean this will be difficult to achieve. I'd note that whilst we have a set of CE marks for medical equipment the tests to be passed do not address security at all. Maybe we can work to make security tests and features for medical devices (including their software) be part of the Harmonised Standards that you have to comply with before placing equipment on the market? It'd be a step forward. I would suggest that we also need to be aware that current medical equipment marking does imply testing for safety in the right hands but that cyber enabled devices may overturn safety if hacked.