The Evolving State of Medical Device Cybersecurity

Schwartz, Suzanne; Ross, Aftin; Carmody, Seth; Chase, Penny; Coley, Steve Christey; Connolly, Julie; Petrozzino, Cathy; Zuk, Margie

doi:10.2345/0899-8205-52.2.103

Cited by 23 publications

(14 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The manufacturers of these medical devices did not usually have security in mind when they were designed. Vulnerable medical devices could be an entry point for hackers to attack the hospital network [30] .The presence of malware on computer systems can significantly affect the security of the medical devices. These days medical devices are connected to computers to allow health professionals to share medical diagnosis such as ultrasound results instantly but these can mean malware being transferred from one system and another and eventually to the wider hospital network [31].…”

Section: B Medical Devicesmentioning

confidence: 99%

“…The FDA also released a final post market management of medical devices during the whole lifecycle and stresses the need to perform risk assessments to determine exploitability and impact on patient health and evaluate risk to patient safety. [33] The current Common Vulnerability Scoring System(CVSS) does not often take clinical environments into account and a common framework for security and safety of this devices will go along way in addressing some of these challenges [30]. The ISO 80001 standards on the application of risk management for IT-networks incorporating medical devices provides guidance on security and risk management for healthcare organisations but its effectiveness in dealing with modern and complex cybersecurity challenges is unknown [34].…”

Section: B Medical Devicesmentioning

confidence: 99%

See 1 more Smart Citation

Cybersecurity Metrics for Enhanced Protection of Healthcare IT Systems

Ahmed

Naqvi

Josephs

2019

2019 13th International Symposium on Medical Information and Communication Technology (ISMICT)

View full text Add to dashboard Cite

Cybersecurity incidents are on the rise in the healthcare sector and it is becoming a growing concern for the senior executives. The attack surface is expanding due to the large number of connected medical devices and the proliferation of portable devices such as smart phones, tablets and USB devices. In this paper, we will discuss some of the security challenges facing this sector and propose a set of cybersecurity metrics that could be used to enhance the protection of the IT systems.

show abstract

Section: B Medical Devicesmentioning

confidence: 99%

Section: B Medical Devicesmentioning

confidence: 99%

Cybersecurity Metrics for Enhanced Protection of Healthcare IT Systems

Ahmed

Naqvi

Josephs

2019

2019 13th International Symposium on Medical Information and Communication Technology (ISMICT)

View full text Add to dashboard Cite

show abstract

“…If a medical device fails, there are many potential hazards to patient safety. There are many techniques for increasing cybersecurity, including not only network segmentation but also security policies, antivirus software, lifecycle management of operating systems, security patches, drivers, and so on [15]. Hopefully, the present study may partly provide support and inspire healthcare organizations to develop and communicate a strategy that encompasses all these important parts.…”

Section: Discussionmentioning

confidence: 88%

“…Other sources have also investigated the subject of cybersecurity in medical devices and have concluded that there is a relationship between the increase in network connectable medical devices and increased cybersecurity risks [15]. Likewise, segmenting the network in multiple layers with security gates such as firewalls in between them could be an effective way to contain network problems and reduce the impact of a breach in network security [16,17], which is comparable to dividing a building into fire zones to delay fire spreading and enabling firefighting in sections rather than in the building as a whole [18].…”

Section: Introductionmentioning

confidence: 99%

Information Technology and Medical Technology Personnel´s Perception Regarding Segmentation of Medical Devices: A Focus Group Study

et al. 2020

View full text Add to dashboard Cite

Objective: Segmentation is one way of improving data protection. The aim of this study was to investigate Information Technology (IT) and Medical Technology (MT) personnel’s perception in relation to ongoing segmentation of medical devices and IT infrastructure in the healthcare sector. Methods: Focus group interviews with 9 IT and 9 MT personnel in a county council in southern Sweden were conducted. The interviews focused on two areas: Positive expectations and misgivings. Digital recordings were transcribed verbatim and analyzed using qualitative content analysis. Results: Responses related to 2 main areas: Information security and implementation of segmentation. Informants stated that network segmentation would increase the overall level of cybersecurity for medical devices, addressing both insider and outsider threats. However, it would also increase the need for administration and the need for knowledge of the communication patterns of medical devices from the manufacturer’s perspective. Conclusion: IT and MT personnel in a county council in southern Sweden believed that segmentation would increase cybersecurity but also increase administration and resource needs, which are important opinions to take into consideration. The present study can be used as a model for others to increase awareness of opinions of healthcare organizations.

show abstract

“…In addition to a full understanding of the operation of a wide range of medical devices and specialized test equipment and procedures, BMETs must also have an understanding of issues specific to the hospital environment, such as infection control. Further, hospitals have become highly networked environments, where interoperability and network security have become critical issues, as hospitals implement electronic medical records [2].…”

Section: From Entry To Employment-interlocking Keys To Building a Successful Technician Programmentioning

confidence: 99%