July 2016

Image courtesy of mgkaya/iStockphoto.com

Software

It's Time to Rethink Your Cybersecurity Strategy

Healthcare enterprise systems can be especially hard to secure against cyberattacks. Here are some tips on how to get started.

Adam Hesse

Anyone following today's headlines is aware that cyberattacks represent a very serious threat to virtually every business sector. Even the largest enterprises are susceptible to cyberattacks that result in not only data breaches, but also data corruption and the introduction of destructive viruses.

Still, the numbers may surprise you. According to IBM, companies are attacked an average of 16,856 times per year, with many resulting in a quantifiable data breach. The cost of an average breach? Around $3.5 million in 2014, which is 15% more than the previous year.

Recent casualties of cyberattacks—Target, Home Depot, Anthem, and Premera Blue Cross—highlight not only the vulnerability of business entities, but also the reality that security is only as effective as the weakest point in an organization's perimeter. In fact, security concerns are so integral to software systems today that they shouldn't be considered as afterthoughts or separate components.

The healthcare sector has particularly acute pains relative to security due to the sensitive nature of protected health information. Ensuring tight security for a sector as sensitive to information, quality, and controls as healthcare is extremely challenging. As such, manufacturers of medical devices and systems must consider the following:

■ How do they ensure security is a consideration of the system architecture from the start?
■ What constitutes a cybersecurity evaluation and can they do it on their own?
■ What is the right level of investment for cybersecurity?
■ How can they identify the specific threats relative to their system?
Today's Healthcare Ecosystem

Generally, the challenge of security is directly related to the level of complexity and volume of interactions that devices or systems must handle. A completely closed system (e.g., Fort Knox) is comparatively easy to protect. An open, accessible venue (e.g., New York's Central Park) can be very difficult to protect. Healthcare IT systems are more akin to Central Park than Fort Knox.

Today's healthcare ecosystem is a large-scale, complex distributed system made up of devices, software systems, users, and suppliers. This ecosystem is becoming increasingly integrated, with a larger dependence on sophisticated software systems that in turn expand the network perimeter and make security more challenging. At the same time, new security vulnerabilities and points of entry are increasing due to the following:

■ More fully integrated technologies and processes of accountable care organizations, health information exchanges, providers, and payers.
■ Increased demand for patient empowerment portals and system accessibility.
■ Widespread adoption of "bring your own device" among caregivers.
■ Proliferation of wearable devices connected to networks and software systems.

Simply put, the healthcare ecosystem has all the hallmarks of a very difficult environment to protect.

Prevention Is No Walk in the Park

Security for today's distributed systems is extremely difficult given the current state of technology. Coupled with the frequency and sophistication of attacks, it's clear that strategies that may have worked in the past are insufficient to safeguard today's highly complex health IT systems.

It's not just security. You have to split it apart. There are aspects of security that have to do with access. There are also aspects of security that have to do with resilience: How protected is the environment itself from some kind

