Hospital medical devices are being abused by cybercriminals and possibly cyberspies as a stepping-stone within healthcare networks to steal valuable healthcare identities and information. What was once the stuff of sci-fi fiction is becoming a reality.
Medical devices are under threat from a multitude of angles. There have been some well publicised cases of devices being deliberately hacked. We have taken proactive measures for manufacturers highlighting where weaknesses in design exist that could give rise to intentional and non intentional breaches.
Healthcare professionals and their patients, as well as manufacturers, can report problems about devices to the MHRA’s adverse incident reporting scheme. We work within these guidelines but go far beyond the requirements by following NIST SP 800-53. This is particularly necessary when we are protecting devices such as wireless medical infusion devices.
It might surprise many people to learn that the healthcare industry suffers the most data breaches when compared with other sectors. However, it shouldn’t be a surprise when considering that those in the healthcare domain manage a vast amount of personal information that is lucratively attractive to hackers. Cyber criminals are also all too well aware that many healthcare organisations do not have the resources, processes, and technologies to implement a robust security strategy.
Many healthcare organisations need to be HIPAA compliant. The requirement covers access control, data integrity and audit control. We enable healthcare providers to keep their information secure by helping them to become HIPAA Compliant. That is only part of the story.
For others at a minimum the Data Protection Act needs to be adhered to.
Swift action is necessary to stop data being changed or exfiltrated. We provide a rapid response team to prevent consequences arising from an attack. If systems are infected we make sure that healthcare can continue.