Playing it safe: The increasing issue of cyber-security

18 April 2018 16:15

^{As medical device design and technology offers us innovative products with increasingly sophisticated functionality, security issues are becoming key, says Lu Rahman.}

On a regular basis the medtech world offers technology-driven devices that benefit the health and well-being of us all. The smartphone has come to play a vital role in healthcare - both at clinician and patient level – so much so that we take for granted the extent of the technology it contains. The flip side of this is that we know digitally-enabled devices are vulnerable to attack from hackers and we’ve become all too used to hearing about the danger we could face should one of is fall victim to a cyber threat. It’s unfortunate that as the rate of technological advance increases, so too does our vulnerability.

Last year the UK government launched a strategy on cyber-security in response to recent technological changes and the growing awareness surrounding the threat of cyber-attacks.

The Interim Cyber Security Science & Technology Strategy: Future-Proofing Cyber Security report highlights the technologies that will most impact cyber-security and develops policies to help the UK keep up with threats of cyber-attacks.

The report was developed in consultation with academia, industry, and science and technology experts. The report cites Internet of Things (IoT), data & information, automation, machine learning & AI, and human computer interaction and the key areas of focus.

More recently, the Royal Academy of Engineers released a new report examining the way in which health technology and medical devices, such as pacemakers, heart pumps and MRI scanners, are vulnerable to cyber attacks, and which could have ‘severe consequences’ for patient safety.

Commenting on this, Amir Abramovitch, security researcher at Cy-OT, said: "We know that a lot of Internet of Things (IoT) devices are insecure, and healthcare devices are no exception. In the last couple of years we have seen multiple vulnerabilities published for a variety of medical IoT devices. The main problem is that the worst-case scenario here is not data theft or malware infection, but death, and the scariest part is that some of these attacks can even happen remotely, where the attacker does not need to gain physical access to the device.

"The vulnerabilities span from simple vulnerabilities such as insecure storage of the Wi-Fi password and hard-coded secret credentials for remote maintenance, to more severe vulnerabilities such as communication interception (e.g. changing the dosage of a drug) and full-on denial-of-service (e.g. making the device stop functioning at all).

"This poses a threat, not only to corporate businesses, but to human life. The good news is that there are possible mitigations for these attacks, and they are quite easy to implement. The problem is that the companies making these devices do not understand the security implications of their poor design, and I hope they will learn it before it is too late."

Global consulting firm North Highland recently conducted a survey on leaders in the healthcare and life science sectors.

It found that the biggest priority for those surveyed was cyber-security however, nly 25% of respondents felt that they were prepared to address concerns over cyber-security.

^{Is blockchain the answer?}

There is increasing discussion about the way on which blockchain may provide a way to secure medical devices. According to a report by KPMG, “Blockchain’s potential for medical devices may be as great – or even greater – than its impact on the global financial services sector. Preventative maintenance of devices, a strengthened manufacturing process, digitised business processes and ‘smart contracts’, enhanced safety measures and evidence for value-based payments – these are just a few ways blockchain can disrupt the industry across the product lifecycle.”

The report details how several life sciences companies are looking into in blockchain technology. These include Philips Healthcare which has teamed up with Gem to create Gem Health26. KPMG says that: “Several life sciences companies are already investing in blockchain capabilities. Gem, a US-based startup, has partnered with Philips Healthcare to launch Gem Health26, a network for developing applications and shared infrastructure for a patient-centric approach to healthcare. Companies that are early adopters of this breakthrough technology could potentially enjoy significant first mover advantages in 2030.”

As devices offer increasingly amounts of innovative design and technology, it’s clear that we need to ensure that their security is as high-tech as the device itself. With big business showing its support to find new ways to tackle cyber-security, it will be interesting to see how soon we truly get to grips with this issue.

As medical device design and technology offers us innovative products with increasingly sophisticated functionality, security issues are becoming key, says Lu Rahman.

Is blockchain the answer?

Related

The role of pharma packaging manufacturing

Shawpak becomes independent Limited company

The Plastek Group purchases equipment from Sodick

What's the distinction between hydrophilic and hydrophobic coatings?

^{As medical device design and technology offers us innovative products with increasingly sophisticated functionality, security issues are becoming key, says Lu Rahman.}

^{Is blockchain the answer?}