Protecting patients with cybersecurity
In 2018, there is no shortage of content that’s been published on the Internet of Things and how IoT has sparked a major transformation of nearly every industry in our lives. This revolution has also revamped how hospitals are managed, how patient data is gathered and how patients are treated. Yet the increasingly connected medical environment has exposed hospitals and clinical networks to unprecedented risks.
Below, readers will find a situation analysis focusing on the pending threats medical device vulnerabilities present, and what steps hospitals need to take in order to protect not only their facilities, but also their patients.
Some facts to start:
As defined by the FDA, a medical device “ranges from simple tongue depressors and bedpans to complex programmable pacemakers with micro-chip technology and laser surgical devices. In addition, medical devices include in vitro diagnostic products, such as general purpose lab equipment, reagents, and test kits, which may include monoclonal antibody technology.”
A connected medical device is a medical device that communicates via a private network, public Internet, or point-to-point connection (wired or wireless) or can be accessed in standalone mode via a user or machine interface.
These entirely new ecosystems sprouted in hospitals to help improve the efficiency of patient care. The estimated number of connected devices is expected to increase from 10bn to 25bn over the next decade, according to the IBM Institute for Business Value. Some are calling this IoMT (the Internet of Medical Things). Yet as medical device technology advances, the number of devices exposed to malicious threats increases with it.
Who are the bad guys?
The list of adversaries who hack into medical devices ranges greatly and illustrates just how expansive the issue is. The first group attacking critical medical devices is rogue nation states. Their motive for hacking is typically technology-driven: to steal intellectual property, cause harm, and instill fear or blackmail.
The second group is comprised of attackers, hacktivists and criminals. This group attacks for several different reasons, including thrill seeking, money, the challenge to disrupt, or a criminal agenda. The last group that causes concern for hospitals is terrorists. They seek to disrupt, destroy, or exploit critical infrastructures. Unfortunately, in all of the above scenarios, patient data, well-being, and sometimes lives are affected.
What are hospitals facing today? Cybersecurity issues & incident results: Life threatening, financial losses and brand-name damage
Now that we’ve established who perpetrates the attacks, it’s important to understand what the actual risks are that hospitals face from an attack on their medical devices.
The risks are wide reaching:
- Big data leaks that include patient data
- Regulatory infractions
- Third party access
- Patient care compromised
- Hospital shutdown
With these risks in mind, there are also several ways that hackers are physically breaching hospitals.
Malware on Connected Medical Devices
Malicious software is introduced onto a device or system, potentially infiltrating the hospital’s entire network.
Denial of Control
The device's operation is disrupted, altered, delayed, or blocked. The flow of information can be changed, denying device availability, or entry into the network can be used to control the device or system.
Device, application, configuration, or software manipulation
Device, software, or configuration settings are modified, producing unpredictable and unwanted results.
Spoofed device/system status information
False information is sent to operators, either to disguise unauthorised changes or to initiate inappropriate actions by medical staff.
Device functionality manipulation
Unauthorised changes are made to embedded software, instructions on medical devices, or alarm thresholds, or unauthorised commands are issued to devices. This can result in a shutdown of devices or disabling of medical equipment.
Safety functionality modified
Safety-related functionality is manipulated so that a device doesn’t operate when needed, or it runs incorrect control actions, potentially leading to patient harm or damage to medical equipment.
Next Step? Build a multi-layered defense against cyber threats
The pressure on HIT professionals to rapidly deliver security solutions that support hospitals’ business needs has never been greater than it is today. Hospitals are under tremendous pressure to adopt the latest technologies to stay competitive, improve efficiencies, and drive down costs while continuing to provide patient care and protect patient safety. While these goals are certainly relevant, global companies that have amassed a disparate, geographically distributed and often siloed IT system landscape can attest to the fact that these objectives are not so easy to achieve.
Hospitals must deploy technology that not only identifies a security problem, but also effectively solves it – from discovery and detection, to risk assessment and prevention. This is the only way they can continue fulfilling their mission of providing care and ensuring patient safety.
Written by CyberMDX
NHS opens 8 clinical trial sites to assess cancer treatment
The UK's National Health Service (NHS) is opening eight clinical trial sites to assess patients' responses to personalised cancer therapy.
The trials will analyse how patients diagnosed with advanced melanoma or non-small cell lung cancer respond to immunotherapy, to help predict their response to treatment. They will be hosted at Gloucestershire Hospitals NHS Foundation Trust facilities.
Immunotherapy helps the body's own immune system fight cancer, but while it has achieved good results for some cancer patients, it is not successful for everyone. Finding ways to predict which people will respond to the treatment is a major area of research.
OncoHost, an oncology startup, will provide advanced machine learning technology to develop personalised strategies aiming to improve the success rate of the cancer therapy. The trials will contribute to OncoHost’s ongoing PROPHETIC study, which uses the company’s host response profiling platform, PROphet®.
“Immunotherapy has achieved excellent results in certain situations for several cancers, allowing patients to achieve longer control of their cancer with maintained quality of life and longer survival,” said Dr David Farrugia, Consultant Medical Oncologist at NHS, and chief investigator of all eight NHS clinical trial sites.
“However, success with immunotherapy is not guaranteed in every patient, so this PROPHETIC study is seeking to identify changes in proteins circulating in the blood which may help doctors to choose the best treatment for each patient.”
“I am excited that Gloucestershire Oncology Centre and its research department have this opportunity to contribute to this growing field of research and I am determined that our centre will make a leading national contribution in patient recruitment.”
Previous studies in the US and Israel have shown that PROphet® has high accuracy in predicting how patients with cancer will respond to various therapies.