Please login to the form below

Not currently logged in
Email:
Password:

Healthcare sector ‘lacks awareness’ of cybersecurity threats

RAE report suggests medical devices could be prone to cyber attacks

cyber secutiry

The rise of digital health technologies is promising to transform healthcare, but is bringing with it cybersecurity risks that could be overlooked, says a new report.

The Royal Academy of Engineering report - entitled Cyber Safety and Resilience - suggests that the healthcare sector can learn from other industries when it comes to guarding against ransomware attacks, data breaches and hacking of connected health devices.

Taking connected health devices as an example, the report suggests that there is a general lack of awareness in the healthcare sector on the threats posed, and even if they exist. Lessons can be learned from other categories such as industrial control systems, smart homes and assisted living facilities. The RAE notes however that connected devices have different vulnerabilities - for example a large number of people may have access to them and consequences of tampering can be life-threatening.

“There is little robust evidence or quantification of the current security risks and potential impacts in the NHS for connected health devices, or more broadly, upon which to base solutions,” the report says, adding “there is a need to start measuring the problem before solutions can be identified”.

Meanwhile, at the EU level the regulatory framework hasn’t fully taken into account the cybersecurity risks to patient safety and privacy, and there are inconsistencies with the US, which “deals with cybersecurity much more explicitly [but is] less robust on telecoms standards and privacy, which has implications for telehealth and telecare”.

In 2016 the FDA said that the threat of medical device hacking is a growing concern, urging companies to take a proactive approach to planning for, and assessing, the cybersecurity of products once they reach the market. Last year researchers from the University of Leuven in Belgium and the University of Birmingham in the UK found a way to hack into implanted medical devices, steal medical information, drain the device’s battery and even cause it to malfunction.

The report makes a series of recommendations, including that the Medicines and Healthcare products Regulatory Agency (MHRA), NHS Digital and health industry associations should work together to develop guidance in this area, and that the MHRA and FDA should join a taskforce to look into how the existing legislative framework can be strengthened.

The UK government should also strengthen cybersecurity expertise in MHRA, using part of the budget for the UK’s cybersecurity programme, while research institutions should focus on developing methods to assure the security of complex health systems.

“The UK has world-class expertise in safety-critical systems that should be transferred to connected health devices and systems,” says the report.

Article by
Phil Taylor

21st March 2018

From: Healthcare

Share

Tags

Featured jobs

Subscribe to our email news alerts

PMHub

Add my company
90TEN Healthcare

90TEN is an award-winning healthcare communications consultancy that puts people at the heart of everything we do. Our Life.Changing. campaigns...

Latest intelligence

World Diabetes Day: Interaction and impact of diabetes on mental health
For World Diabetes Day on the 14th November 2018, Nisha Shahrukh - Medical Writer at Mednet Group has written an article depicting the impact diabetes has on mental health. Including...
EU
Innovation in merger control and the impact on the pharmaceutical sector
Is focusing on pipeline products enough to assess regulatory risks?...
Nudge-nudge, think-think
Chris Ross examines the personal complexities of human behaviour – and explains why fun, emotion and peer endorsement could be key to designing effective behavioural change programmes...

Infographics