CybersecurityManagementSecurity NewswireTechnologies & SolutionsSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecurityFire & Life SafetyCybersecurity NewsHospitals & Medical Centers

Five new trends in healthcare cybersecurity

By Madeline Lauver
tom-claes-G8EfpFaGBWM-unsplash-copy.jpg
October 27, 2021

In a panel hosted by BD, three healthcare security professionals discussed the goals and trends of cybersecurity in the field. Eric Decker, Assistant Vice President and Chief Information Security Officer (CISO) at Intermountain Health, William Landry, Vice President, Technology Innovation at the Franciscan Missionaries of Our Lady Health System, Inhel Rekik, Senior Director of Information Security Engineering at BD and Moderator Scott Shindledecker sat down to talk about malware, cyber defense and how to best mitigate the cyber risk involved with medical devices.

Assessing the healthcare cyber landscape

Over the past couple of years, the monetization of ransomware has motivated cyberattacks on critical infrastructure. Whereas data recovery might mitigate the ransomware risk in other industries, in the healthcare sector, the safety net of an encrypted data locker doesn't always solve the problem. When hackers target a medical device, health systems pay the ransom to save a human life, according to Decker.

Another trend in malware is cybercriminals targeting security companies and adding malware to the code of third-party security programs. "There's an economy of the attackers breaking into an environment and selling access," said Landry. According to him, organizations must determine the conduits and amount of access that third parties have to company assets. Assessing and controlling this access is an important consideration for business owners working with third parties.

How to best protect medical devices

Segmenting and isolating legacy devices is an important step in protecting medical devices from cyberattacks, but Decker acknowledged that legacy devices necessitate a top-to-bottom security approach in order to remain truly secure. Eventually, each device will become legacy, and health systems need to create a bridge program determining how to manage these devices before they can be replaced. Looking at contracting, device implementation and monitoring can help secure medical devices throughout their lifecycle in the health system, according to Decker. The monitoring phase is critical: measuring metrics around the lifecycle of medical devices can help the system learn from their own security practices and evolve.

Cybersecurity factors into medical device purchasing decisions from the very beginning — Landry conducts a cybersecurity review of every potential product or vendor before passing them on to other departments. The Franciscan Missionaries of Our Lady Health System uses a compliance committee in the C-suite to monitor the risk of medical devices and attain the device updates necessary to remain secure.

"It's really about being a business enabler," said Rekik. A strategy to obtain buy-in from legal and other departments in an organization can involve partnering with an internal audit, which can bake security into the procuring process when interfacing with executive leadership. Rekik recommends aiming to create an environment where cybersecurity is not an afterthought and working with as many departments as possible to prioritize security goals.

Standing up for cybersecurity

When advocating for cybersecurity in medical device manufacturing and procurement, explaining the risk of medical device exploitation in simple terms can help get other departments on board, according to Rekik.

The Franciscan Missionaries of Our Lady Health System has changed reporting systems to make sure that all medical device safety flows through the security team. The health system also created a Critical Infrastructure team housed in the IT department, which dedicates their time specifically to medical device security.

Decker noted that in the past, medical device threats used to focus on resolving individual harm done through hacked medical technology. Now, cybersecurity professionals need to foreground risk mitigation and prevention in their security solutions. Patching a faulty device can lead to more problems when it comes to weak medical devices, but preparing for the worst in advance can stop attacks from ever happening.

Upcoming trends in healthcare cybersecurity

Top trends highlighted by the cybersecurity experts included:

  • Defending healthcare supply chains
  • Identifying and hiring new cybersecurity talent to protect medical devices
  • Cracking down on ransomware globally
  • Monitoring new healthcare technology like artificial intelligence
  • Increasing vulnerability disclosure from manufacturers
KEYWORDS: artificial intelligence (AI) cyber attack response cyber security metrics hacking health care security healthcare cybersecurity medical device security ransomware

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Madeline Lauver is a former Editor in Chief at Security magazine. Within her role at Security, Lauver focused on news articles, web exclusives, features and several departments for Security’s monthly digital edition, as well as managing social media and multimedia content.

Related Articles

Related Products

See More ProductsSee More Products

Events

View AllSubmit An Event
  • March 26, 2025

    Boost Emergency Preparedness: Mastering Mass Notification in Healthcare

    ON DEMAND: In today’s rapidly changing healthcare environment, reliable and timely communication during emergencies is crucial. A well-implemented Mass Notification System (MNS) can differentiate between chaos and control during critical natural disasters, medical emergencies, or security threats.
View AllSubmit An Event

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!