3 Steps to Mitigate Cyberattacks on Medical Devices

By Aiyappan Pillai, Senior Member IEEE & Founder, Congruent Services

The Indian healthcare sector is fast adopting digital technologies to enhance service quality and access. Technologies like Analytics, AI/ML, AR/VR, blockchain, Cloud, IoT, Nanotech, Robotics, 3D printing, wearables are propelling the growth of digitized healthcare in the country. As per Invest India, by 2022, the healthcare market is projected to reach around $372 billion, with investments in healthcare start-ups increasing by over 45%. Health tech is a game-changer and India must harness it to extend health-related services in a big way. IBEF has forecasted that this sector would generate 40 million jobs by 2030.

While the rise in health-tech has empowered patients, it also renders them vulnerable at the hands of increasing cyberattacks,leading to identity theft, financial fraud, data theft and more serious threats like equipment malfunction and service disruptions. Recently, the Indian healthcare industry have been targeted for theft of intellectual property and confidential research findings.

With the pandemic spurring the adoption of digitization across sectors, it is imperative for organizations to protect their digital assets. Vulnerabilities exist across the digital healthcare chain with different levels of susceptibility, depending on the stakeholders involved. The network and connected medical devices are at risk of attack, whether in healthcare centres or in the hands of care-receivers. Cyber criminals can hack into medical networks through relatively simple means because these devices can connect either wirelessly, wired or to portable devices such as SD cards or USB drives, which are more vulnerable to cybersecurity threats.

Here are some steps to mitigate cyberattacks on medical devices:

Minimizing potential for attacks – The first step is to minimize the attack surface at the network connectivity and device level. Technology interventions and behavioural adjustments go together to reduce exposure to attacks. Proactive risk mitigation is essential to minimize cyberattacks. Organizations should have information security policies with robust enforcement. Each stakeholder in the healthcare delivery chain must be trained on basic cyber-safe practices. A zero-trust approach to cybersecurity shall be adopted to build cyber defenses. The number of points of access in the digital healthcare chain must be reduced to enable a scalable protection capability. Organisations should aim at minimizing vulnerabilities and potential attacks through aggressive cybersecurity awareness and outreach programsfor all stakeholders.

Immunizing against attacks –The next step is to build defenses in the digital healthcare delivery chain.This requires cybersecurity policies and practices that are complemented by appropriate technologies. Be it at an institutional or personal level, it is an individual’s responsibility to ensure proper protocols are followed. The technologies shall ensure that key components in the connectivity chain of medical devices are secure and can withstand attacks. Hence, perimeter security using firewalls with key cybersecurity features such as IDS, IPS, DDoS, APS, among others,are essential to protect the network. Medical devices need to be made with cybersecure capabilities such as in-built firewall, secure boot, secure authentication and secure remote support mechanisms. They ought to incorporate secure features such as TPM (Trusted Platform Modules). Ensuring endpoint security is critical to cover increased use of telehealth services and temporary treatment facilities. In case of an attack, the affected device shall be isolated quickly to prevent/ minimize the spread and contain the damage.

Threat Identification – The third step is to incorporate threat intelligence capabilities coupled with a continuous response mechanism. Organizations shall gather, analyze and utilize data from previous cyberattacks to gain knowledge on prevention and mitigation tactics. It is a perpetually evolving process to identify potential security threats, understand motives and likely avenues of attacks to implement policies and processes to prevent them. AI-enabled pattern recognition and analytics can automate and significantly bolster these mechanisms. It is imperative to inculcate threat intelligence in day-to-day behaviors and organizations must encourage members to understand attack patterns and prevent similar attacks from occurring. End-users of medical devices shall also be suitably advised. To understand threats and vulnerabilities, organizations should closely collaborate with IT experts, who have in-depth understanding of enterprise security and biomedical engineering professionals, who are familiar with medical devices.

Cyber criminals are always reinventing their methods and developing new, clever attack vectors. However, by staying updated with the latest cybersecurity trends, using smart security procedures and software, manufacturers, medical facilities—and their patients—can gain the best preventive immunization available.It is essential to have a strong security governance and risk mitigation strategy in place to excel in cybersecurity in healthcare. In a nutshell, there is a significant opportunity for the healthcare industry to thrive, by reinforcing cybersecurity in every aspect of digital enablement.

IEEEMedical Devicessecurity
Comments (0)
Add Comment