In the last year, we have observed that medical-device companies are especially vulnerable to cyberattacks, but a structured approach that applies awareness, organizational risk management, and process frameworks can significantly reduce cyber-related risks.
From our experience working with medical companies, we have observed three characteristics that make the sector especially vulnerable to contemporary cyber threats:
- An increased number of threats and actors targeting the healthcare sector: nation-state actors seeking research data (IP) and economic dislocation, cybercriminals who understand the economic value of access to personal health records, and hacktivists out to publicly register their opposition to broad agendas.
- High digitalization and remote firmware (FW) updates, which increase the attack surface, arising from the devices' differing geographic compliance requirements and regulations and from device complexity.
- The healthcare sector’s unique interdependencies between physical and cyber infrastructure make medical devices vulnerable to exploitation, and even physical destruction.
To answer these challenges, industry experts propose a three-pronged approach:
Strategic proactive intelligence
On threats and actors before attacks on the device. Organizations must move beyond reactive measures and take a forward-looking approach to security, one that integrates the security function into critical decisions about product security and about the accompanying increase in the complexity of security development lifecycle infrastructure and geographic regulations. In parallel, leaders must develop security-minded plans to address “known unknowns” as attackers continue to find and use new attack vectors.
Programs to reduce operational gaps in awareness
Creating a culture of security. A high-functioning utility security apparatus should be aligned to ensure that the best minds across the organization, not just in security, are aware of threats and have robust processes to report potential vulnerabilities and emerging incidents. Furthermore, technical systems should provide security with a common operating picture of sites across geographies and business units to detect coordinated attack and reconnaissance campaigns.
To address the increasing convergence of threats. Industry leaders, as the eyes on the ground for leading-edge technologies (and corresponding vulnerabilities), should engage in regular dialogue with security domain experts from similar industries on how to secure the delicate ties between physical and virtual infrastructure by leveraging cyber digital-twin methodologies.
In many cases, IoMT risk also increases with greater use across the value chain of specialized connected devices developed by supply-chain vendors for innovative capabilities, given the resource limitations of smaller companies.
While these vendors typically offer connected devices with built-in security, the companies themselves may lack sufficient resources to respond to a large-scale incident, given the number of affected devices deployed. By examining the protections for those sub-systems, companies can ensure that the cybersecurity program is robust and that systems are protected against emerging threats.
Best-in-class companies ensure that the cybersecurity program has a strong underlying secure operating model. Critical to success is a risk-management platform consisting of a cybersecurity systems catalog and the accompanying operating model and process flows, built by creating a digital replica representation to continuously measure the program's success.