Have you got sufficient measures in place to protect against cyberattacks?

Medical Plastics News editor, Laura Hughes, writes about the importance of protection from potential cyberattacks in her latest editor comment.

For years, the medical sector has been moving towards a more digital reality. The benefits of implementing processes such as electronic healthcare records for both patients and healthcare providers, as well as devices such as pacemakers and insulin pumps which aim to improve patient care and ease the burden on healthcare professionals, have risen in popularity and use. However, the increasing use of digital technology has created what were potentially unforeseen or underestimated risks and resulted in the need for organisations to rapidly ensure methods are in place to protect themselves against potential cyberattacks.

Recently, the JSOF research lab has discovered 19 vulnerabilities, which have been given the name, 'Ripple 20.' These vulnerabilities reportedly affect hundreds of millions. It was given the name Ripple 20 because of the ‘ripple effect.' Researchers wrote: “A single vulnerable component, though it may be relatively small in and of itself, can ripple outward to impact a wide range of industries, applications, companies, and people.”

The Guardian has also reported cyber activity writing that UK security minister James Brokenshire commented Britain is “more than 95% sure” Russian state-sponsored hackers targeted UK, US and Canadian organisations involved in developing a coronavirus vaccine. As a result, Brokenshire has advised researchers who are developing vaccines in the UK to install a two-factor authentication on computer systems.

Therefore, it is clear that medtech security breaches are a very real and existing threat. Medtech companies are, however, responding to these through launching new systems. For example, GE Healthcare, a manufacturer and distributor, has launched a technology called ‘Skye’ which aims to bring together medical device expertise, artificial intelligence and process management tools to enable hospitals to detect, analyse and respond to cybersecurity threats in real time.

Additionally, the National Health Service (NHS) in the UK, has launched a procurement platform titled, ‘The Edge4Health’ which comes with an integrated cybersecurity feature. The platform developed by Orpehus Cyber notifies users if the security status is good, average or bad.

Another procurement platform has also been developed in partnership with NHS Digital and the National Cyber Security Centre (NCSC), with plans to run until May 2022. Phil Davies, director of procurement at NHS Shared Business Services described the launch of this framework as “timely” due to the new wave of cyberattacks and scams prompted by the Covid-19 pandemic.

The importance of protecting against cyberattacks should not be underestimated, and Natali Tshuva, co-founder and CEO of Sternum, an Israeli-based company which offers cybersecurity protections for medical devices, highlighted the importance of outsourcing help to prevent against attacks. Tshuva explained how medical device manufacturers need advanced solutions to handle the advanced security threat on devices. She also made the important distinction that, “hospitals have their own defence mechanisms like a firewall or other security solutions to secure the hospital network itself.” This differs to distributed medical devices like pacemakers and insulin pumps which are both vulnerable and lack the network security solution to help secure them. Dave Easton, director of Zener Engineering Services, a service provider and consultancy for health and life sciences, also explained how an effective cybersecurity approach was vital for medical device manufacturers.

Manufacturers are facing multiple challenges, including the demand for devices to be smaller, handle more data, become more digital, and yet remain cost-effective. However, I think it’s really important for developers to consider the protection of any devices which could be targeted by cyberattacks at the development stage, and not as an afterthought. It also seems vital for companies to think about outsourcing help and advice to prevent against attacks which may be detrimental to both the users of the devices and the manufacturers.