Importance of cyber security in healthcare

0
635 views

How cyber security plays an important role in healthcare? What are the security and privacy issues in implantable medical devices?

Healthcare
Security
Privacy
Threat
Ransomware
Himanshu Mehta
76 months ago

8 answers

1

Cyber-security considerations and measures are extremely important in healthcare more than in any other industry, in my view. Also consider existing legislation around healthcare and patients' data protection as well. For the case of medical devices, they must design and implemented with serious consideration for security especially when it concerns safety of patients and the associated data.

Jacobs Edo
76 months ago
This is largely true, although the FDA will have much more to say on this subject this year. From a security perspective, this is a more complex issue than is protection of the customary data management. Product makers are having to give greater consideration to the security features of their designs, however, before seeking FDA approval. - Ross A. 76 months ago
Thanks for sharing your view. - Himanshu 75 months ago
Agreed - Dr. David E. 63 months ago
1

Risk based approach and threat model is kickoff for each device. Connect it to Business impact analyses (if applicable consider impact of losing confidentiality, integrity, availability,… of device/functionality/data) and you will know exactly how important is for you the mitigation of cyber-security risks.
Each device might have variety of interfaces, stored data etc. Malfunction of implantable device, or misuse, could result in wide range of impacts (health of customer, business disruption/reputation damage, legislation & regulation fines,…).
By end of the day, for some implantable devices could be cyber-security even non-applicable.  For other devices, it might be business and life crucial.

Lubomir Kochan
76 months ago
The essence of this issue begins with regarding many of these cyber-phyiscal devices as IoT. Many of the issues are quite similar, but the addition of "life-safety" creates an entirely different aspect that must be dealt with. - Ross A. 76 months ago
Thanks for sharing your view. - Himanshu 75 months ago
Appreciate it - Dr. David E. 63 months ago
1

Cyber security in healthcare highly important. In fact, healthcare companies and organization have suffered from constant cyber-attacks and are considered one of the major targets for hackers. Healthcare does not mean only medical information, but also human lives. Taking into consideration that any medical device connected to a network is potentially at risk from being taken over and exploited by hackers we should not consider only lost of money or reputation, but also the loss of lives. Today, in the era of technology, we already have smart cardiac devices, like pacemakers and defibrillators as well as smart pumps, like an insulin pump that remotely inject medicine into the body. Hacking such a device is a real life threat. Medical privcy should not be treated differenly and its importance is known to us all. To enforce that we have multiple regulations and standards such as HIPAA and ePHI. In addition to the importance of keeping the patients medical records private, healthcare companies who do not protect their patients privacy are subjected to legal panelties. All this means that cyber security in healthcare should be a great concenr and should be taken seriously and without compramises.

Tal Melamed
76 months ago
The concern over possible "assassination by hacking" is not unfounded: most wearable biomedical devices are monitored over WiFi or cellular and can be adjusted so as well. I would caution against being overly dramatic about the risks, however. The classic hacker of today is motivated by acquiring money through information theft, and monetizing health information is quite lucrative. - Ross A. 76 months ago
There may one day arise a kind of "remote assassin" who hacks wearable biomedical devices (WBM), but this would not be nearly as lucrative as the simple (by comparison) information hacking done today. Even simple "disruptive hacking" pays better, and one has a much wider availability of targets. Is this a real "thing"? Strictly speaking, yes. Other things are much more probable, though. - Ross A. 76 months ago
You are correct. But the classic hacker is not the only risk, and money is not the only motive. In fact, not a few "big" cyber-incidents are a result of gaining fame, or hacktivisim. Targeting an important politican/CEO, which uses a biometical device, can defintly be a target. I believe that the saying "Prepare for the worst, hope for the best" should the corrent approach. - Tal 76 months ago
Having said that, obviously the main concern would be medical information. Physical attacks are more technically complex as well as they require the right proximity. But they are not impossible, bluetooth is a very common protocol used for smart devices. In the following paper I present an active Man-in-the-Middle technique for BLE devices: https://www.witpress.com/elibrary/sse-volumes/8/2/2120. - Tal 76 months ago
As one who tests and certifies such devices for FDA evaluation, I know well the potential for such events to occur. My point is not "possibility" but "probability". To your point of political assassination via such methods, placing unique protections around the wearers and their devices will be the highest priority. The "Trusted Insider" will still be far more probable than through the device. - Ross A. 76 months ago
I agree. As I said, it might not be the greatest concern, but should definitly not be ignored. - Tal 76 months ago
Thanks for sharing your view. - Himanshu 75 months ago
1

Cyber-security is important to save and share information. Technology enables professionals to quickly send information to colleagues and patients, it saves storage costs too. Preventing attacks helps to keep information confidential, this could be relevant for legal reasons. Having now a large amount of this information digitized, this is one of the best source of information about anyone. As per an article released by Forbes, already in 2015 healthcare was the most targeted industry for security attacks, https://www.forbes.com/sites/stevemorgan/2016/05/13/list-of-the-5-most-cyber-attacked-industries/#63683546715e.

Paolo Beffagnotti
76 months ago
Thanks for sharing your view. - Himanshu 75 months ago
Also, appreciate it - Dr. David E. 63 months ago
1

Mayank Lau
76 months ago
That chart is very good indeed. Thanks for sharing. - Himanshu 75 months ago
0

A Greenfield, Ind. based Hancock Health hospital paid extortionists roughly $60,000 to end a ransomware outbreak that forced staff to use pencil-and-paper records. Last year, Erie County Medical Center in Buffalo, New York, spent almost $10 million rebuilding its system after declining to pay attackers $30,000 to unlock the system.

Himanshu Mehta
75 months ago
Not uncommon; SAD - Dr. David E. 63 months ago
0

Cybersecurity is important everywhere. So as in healthcare. Especially, healthcare data is too personal. Having said that, healthcare has bigger cybersecurity challenges with growing IoT things. Devices that read patient data are connecting to the internet and cloud. That brings the concern on the firmware, network, and servers the whole system is using. 
Another thing- I do not see any standard OS layer or firmware layers for such devices(specially most IoT). Unlike household devices where we know, these are either iOS, Android or Microsoft. But for devices in IoT (And that goes to all IoT) have nothing like this. So, managing these devices is also a challenge. 
The more we bring devices into the system, more challenges we are gonna get. 
There is another aspect - of human error. There are cases when the staff accidentally leaked the data because of lack awareness of cybersecurity. I think training is also a very important part of this. 

Hitesh Mathpal
75 months ago
Yes - Dr. David E. 63 months ago
0

A.I. in Health Care

I am always shocked how many people think "AI in Healthcare" means help with a patient diagnosis ..?

Sure - it might help in <1% of tough cases, but is still rarely needed, and at best is a black box that should only be suggestive.

Better AI uses may include predictive modeling, volume forecasting and sentiment analysis.

Any thoughts?

Dr. David E. M
63 months ago

Have some input?