From the January/February 2021 issue of HealthCare Business News magazine
By Ken Zalevsky
The global digital health market is expected to grow to $640 billion by 2026, an astounding 28.5% compound annual growth rate (CAGR). Connectivity is driving this massive growth, and the current global pandemic has accelerated the deployment of connected solutions. Hospitals currently have deployed around 15 connected medical devices per bed, and this number is increasing as medical device manufacturers rush to maintain relevancy by introducing connected versions of legacy devices.
At the same time, cyberattacks against hospitals are on the rise. Between September and October 2020, the number of attacks against hospitals increased by 71%. This could just be a glimpse of things to come, as some experts are predicting cyberattacks against hospitals will triple in 2021. This is partially due to the COVID-19 global pandemic and the complications this is causing for hospitals. Not only are hospitals experiencing higher demand for in-house healthcare services, but they are simultaneously trying to support telehealth, as patients and providers maintain distance.
In addition to pandemic complications, traditional spending by hospitals on cybersecurity products and services has been modest in comparison to other industries, making them a continually favorite target of bad actors. One bright spot is the prediction that hospital spending on cybersecurity will increase in the coming years, however, the general consensus is that, even with this additional investment, hospital cybersecurity budgets will still not be adequate to mitigate the risk. So, what, if anything, can hospital security staff do today to maintain patient safety in the face of continuous threats of cyberattack? A great place to start is with the basics, and there are cyber hygiene best practices that can provide a good foundation upon which to build. Let’s explore those now.
Monitoring and maintenance
Monitoring and maintaining a healthy, secure network should be a primary, high-priority activity for every hospital security team. Medical device manufacturers (MDMs) consider security when designing and building devices, and hospitals must consider security when deploying and maintaining those devices. Diligent monitoring and continuous threat mitigation activities, such as working with MDMs to get the latest security patches, is the only way to proactively prepare for cyberattacks. Unfortunately, this is still not enough to provide immunity. This is partially due to the fact that maintenance of medical devices is usually limited to the manufacturer or trained third-party service providers. Hospitals have limited ability to patch closed medical devices, however, the hospital security team can gain tremendous insight into potential risks of devices through transparency and visibility into the device and components utilized. This transparency comes from the willingness of the MDMs to provide reliable security documentation, including the Software Bill of Materials (SBOM) with their devices. The SBOM should list all of the software components utilized in the device, at a minimum. Some SBOMs also provide information on component vulnerabilities, which enables hospital security staff to take a more proactive approach to potential threats.
