Christopher Frenz, Director at Interfaith Medical Center based in the USA, participates in Risk Roundup to discuss Medical Device Security Risks.

Overview

Medical devices are increasingly getting connected to the internet, hospital networks, and to other medical devices. As a result, just like any other connected computer system, medical devices are also becoming vulnerable to security breaches from cyberspace, geospace and space (CGS). While the ongoing breaches potentially impact the safety, security and effectiveness of medical devices, they also bring to light the developing fear and mistrust towards hospitals. When human lives are at the center of this rapidly evolving, vulnerable healthcare ecosystem, the security of medical devices understandably becomes a significant risk management concern. It is therefore important to evaluate the security risks:

* How vulnerable are medical devices to security challenges from cyberspace, geospace and space (CGS)?
* What is the impact of CGS integration on medical devices?
* How prepared are healthcare organizations for their security in cyberspace, geospace and space?
* Where is CGS connectivity taking medicine and the healthcare sector?
* How many potential entry points does an average hospital have for hackers to get through?
* How effective is medical device authentication?
* What are medical device security trends?
* How easy is it for hackers to take hospitals offline?
* How effective is medical data security?
* How are medical device operating system security risks managed?
* How are medical device network security risks managed?
* How are the security risks of implantable medical devices (IMDs) managed?
* How is the software updated in connected as well as standalone medical devices?
* Are patients aware of the security risks to their lives when they embed medical devices in their bodies?
* How is the security of a medical device measured?
* What should a cybersecurity risk management program for medical devices look like?
* What role does social media play in security vulnerability?
* Are regulated or unregulated medical devices more prone to security vulnerabilities?
* Are portable devices secure?
* What are some high-profile security breaches that we have observed in implantable devices (IMDs) over the years?
* How are hospitals monitoring medical devices?
* Will humans be able to manage the security risks of medical devices?
* What role will blockchain play in medical device security?
* How many medical device security risks are insurable?
* What are the FDA recommendations for hospitals for mitigating and managing cybersecurity threats?
* What are the FDA recommendations for medical device manufacturers for mitigating and managing cybersecurity threats?
* Are manufacturers required to notify users of any security vulnerability update?
* How secure are electronic health records in all their storage formats, from cloud to hard drives, servers and so on?
* Since medical devices last for years, is there a mechanism to update the software as necessary?
* Are medical device manufacturers accountable for implementing comprehensive cybersecurity controls throughout a product's lifespan?
* Is the medical device manufacturing industry taking charge to ensure that the right balance is found between functionality and security?
* What are the key risks associated with DDoS (distributed denial of service) attacks? How is the medical device manufacturing industry addressing these risks when developing new products?
* What role does the proliferation of connected devices play in the execution of a DDoS attack? How should device manufacturers assume responsibility for cybersecurity risks?