Please login to the form below

Not currently logged in

Healthcare sector ‘lacks awareness’ of cybersecurity threats

RAE report suggests medical devices could be prone to cyber attacks

cyber secutiry

The rise of digital health technologies is promising to transform healthcare, but is bringing with it cybersecurity risks that could be overlooked, says a new report.

The Royal Academy of Engineering report - entitled Cyber Safety and Resilience - suggests that the healthcare sector can learn from other industries when it comes to guarding against ransomware attacks, data breaches and hacking of connected health devices.

Taking connected health devices as an example, the report suggests that there is a general lack of awareness in the healthcare sector on the threats posed, and even if they exist. Lessons can be learned from other categories such as industrial control systems, smart homes and assisted living facilities. The RAE notes however that connected devices have different vulnerabilities - for example a large number of people may have access to them and consequences of tampering can be life-threatening.

“There is little robust evidence or quantification of the current security risks and potential impacts in the NHS for connected health devices, or more broadly, upon which to base solutions,” the report says, adding “there is a need to start measuring the problem before solutions can be identified”.

Meanwhile, at the EU level the regulatory framework hasn’t fully taken into account the cybersecurity risks to patient safety and privacy, and there are inconsistencies with the US, which “deals with cybersecurity much more explicitly [but is] less robust on telecoms standards and privacy, which has implications for telehealth and telecare”.

In 2016 the FDA said that the threat of medical device hacking is a growing concern, urging companies to take a proactive approach to planning for, and assessing, the cybersecurity of products once they reach the market. Last year researchers from the University of Leuven in Belgium and the University of Birmingham in the UK found a way to hack into implanted medical devices, steal medical information, drain the device’s battery and even cause it to malfunction.

The report makes a series of recommendations, including that the Medicines and Healthcare products Regulatory Agency (MHRA), NHS Digital and health industry associations should work together to develop guidance in this area, and that the MHRA and FDA should join a taskforce to look into how the existing legislative framework can be strengthened.

The UK government should also strengthen cybersecurity expertise in MHRA, using part of the budget for the UK’s cybersecurity programme, while research institutions should focus on developing methods to assure the security of complex health systems.

“The UK has world-class expertise in safety-critical systems that should be transferred to connected health devices and systems,” says the report.

Article by
Phil Taylor

21st March 2018

From: Healthcare



Featured jobs

Subscribe to our email news alerts


Add my company
Nobull Communications

Switched on Creative Communications. With an encyclopedic working knowledge of pharmaceutical industry rules and regulations, we create dynamic, intuitive and...

Latest intelligence

Empowered patients: shaking the foundations of healthcare
Precision medicine represents a new paradigm in healthcare.This new approach to treating and preventing disease views the patient holistically, analysing their genes, environment and lifestyle, and using this information to...
A uniquely English genomic medicine service
The UK National Health Service is developing one standardised approach to embedding precision medicine across the whole of England. Blue Latitude Health speaks to Dr Tom Fowler, Deputy Chief Scientist...
Blended Intelligence
Data is the most valued commodity of the modern world. For P&P it's all about the application....