After numerous crippling attacks against hospitals and other medical infrastructure, the world is becoming increasingly aware that cybersecurity presents a human safety issue. After the large-scale ransomware attack against the NHS, the Public Accounts Committee warned “a cyberattack is a weapon which can have a huge impact on safety and security. It needs to be treated as a serious, critical threat.”
Facing challenges ranging from health and safety to securing confidential information, the healthcare industry must tackle growing threats each day. Innovations in connected technology are breathing new life into medical care that can provide longer, healthier, happier lives. Pacemakers, insulin pumps, Micro Electro-Mechanical Systems all provide the potential for enhanced quality of life, but also introduce cyber risk that must be addressed.
However, the risks span far beyond just the safety factors. While online access to medical records provides doctors with information at their fingertips, organizations need to develop strong security controls to ensure patient privacy and PII confidentiality.
As healthcare continues to move into the digital age, effective cybersecurity programs are crucial for operational resiliency. IT systems, connected medical devices, digital health applications, electronic patient records – the list goes on. Each technology offers immense value but brings unique cybersecurity risks.
IOActive researchers recognized the intersection of cybersecurity and human safety back in 2012 and began researching connected medical devices. In October of 2012, Barnaby Jack successfully demonstrated remote exploitation of a pacemaker. Since then, we’ve been working with global organizations across the spectrum of healthcare providers, facilities, and device manufacturers to develop the right security controls and products that enable innovation to continue improving patient lives.