MPO Staff 03.01.22
Healthcare technologies have allowed the world to diagnose, treat, and vaccinate humans against COVID-19, but the speed at which these innovations have been developed has exposed existing medical device software and hardware systems to cybersecurity risks, GlobalData analysts warn.
Old software doesn’t solely affect the operational efficiency of a device; it can also present a serious cybersecurity risk, which is why there is currently a push to increase cybersecurity awareness in healthcare institutions. For example, the U.S. Food and Drug Administration (FDA) has suggested legislative authorities query medical devices’ cybersecurity capabilities, as well as ensure that medtechs are required to have a Software Bill of Materials (SBOM).
“Tech innovation is speeding ahead at a mighty pace, but healthcare technology is stuck in the 90s,” said Kamilla Kan, a medical analyst at GlobalData. “Essential software used in devices such as anesthesia delivery systems and ventilators in some instances is being run on software first developed over two decades ago. The industry desperately needs a catch up. A lot of facilities are still either in the process of digitizing all of their systems or continue to use outdated ones. In November 2021, the U.S. Cybersecurity and Infrastructure Security Agency issued an alert concerning critical vulnerabilities in Siemens’ software. Siemens has released patches and updates for products that were affected and confirmed that it is further investigating if any more of its products are affected. While no attacks were recorded, these system vulnerabilities would be easy entryways for hackers to exploit patients. Siemens’ software was released in 1993. If such a well-established company such as Siemens can experience system vulnerabilities, there is a question as to how many medical devices could be running on software that is this old, or older.”
The rate of cyberattacks on healthcare institutions has been steadily increasing since the beginning of the COVID-19 pandemic and is expected to grow in the future as the healthcare industry adopts more advanced medical devices and increases patient data collection.
“Healthcare companies should not only monitor and test the safety of hardware and software of new medical devices, but keep updating and monitoring those that have been in service and on the medical market for some time,” Kan said.