Please login to the form below

Not currently logged in
Email:
Password:

Healthcare sector ‘lacks awareness’ of cybersecurity threats

RAE report suggests medical devices could be prone to cyber attacks

cyber secutiry

The rise of digital health technologies is promising to transform healthcare, but is bringing with it cybersecurity risks that could be overlooked, says a new report.

The Royal Academy of Engineering report - entitled Cyber Safety and Resilience - suggests that the healthcare sector can learn from other industries when it comes to guarding against ransomware attacks, data breaches and hacking of connected health devices.

Taking connected health devices as an example, the report suggests that there is a general lack of awareness in the healthcare sector on the threats posed, and even if they exist. Lessons can be learned from other categories such as industrial control systems, smart homes and assisted living facilities. The RAE notes however that connected devices have different vulnerabilities - for example a large number of people may have access to them and consequences of tampering can be life-threatening.

“There is little robust evidence or quantification of the current security risks and potential impacts in the NHS for connected health devices, or more broadly, upon which to base solutions,” the report says, adding “there is a need to start measuring the problem before solutions can be identified”.

Meanwhile, at the EU level the regulatory framework hasn’t fully taken into account the cybersecurity risks to patient safety and privacy, and there are inconsistencies with the US, which “deals with cybersecurity much more explicitly [but is] less robust on telecoms standards and privacy, which has implications for telehealth and telecare”.

In 2016 the FDA said that the threat of medical device hacking is a growing concern, urging companies to take a proactive approach to planning for, and assessing, the cybersecurity of products once they reach the market. Last year researchers from the University of Leuven in Belgium and the University of Birmingham in the UK found a way to hack into implanted medical devices, steal medical information, drain the device’s battery and even cause it to malfunction.

The report makes a series of recommendations, including that the Medicines and Healthcare products Regulatory Agency (MHRA), NHS Digital and health industry associations should work together to develop guidance in this area, and that the MHRA and FDA should join a taskforce to look into how the existing legislative framework can be strengthened.

The UK government should also strengthen cybersecurity expertise in MHRA, using part of the budget for the UK’s cybersecurity programme, while research institutions should focus on developing methods to assure the security of complex health systems.

“The UK has world-class expertise in safety-critical systems that should be transferred to connected health devices and systems,” says the report.

Article by
Phil Taylor

21st March 2018

From: Healthcare

Share

Tags

Featured jobs

Subscribe to our email news alerts

PMHub

Add my company
90TEN Healthcare

90TEN is an award-winning healthcare communications consultancy that puts people at the heart of everything we do. Our Life.Changing. campaigns...

Latest intelligence

PM Society Digital Awards – the power of together
Our chief executive, Emma Statham, writes about the value of awards and the power of together....
Seduction_feature_image_thumb.jpg
Seduce anyone in four simple steps
You know the health of the global economy is dependent on our ability to seduce one another – don’t you? And you know that we need to be able to...
What Would Jeremy Do? : Assessing the impact of a Corbyn-led Labour government
GK Strategy are delighted to announce the launch our latest briefing paper entitled ‘What Would Jeremy Do? Assessing the impact of a Corbyn-led Labour government’....

Infographics