MEDICAL DEVICES

Securing Internet of Medical Things (IoMT) Devices

Medical devices cybersecurity should be a top priority for every stakeholder in the healthcare system

 
 
luis-melendez-Pd4lRfKo16U-unsplash copy.jpg
 

Protecting People by Protecting Devices

 
 

Scroll to see where Sternum can be deployed

 

Industry Advances

In the past few decades we've seen the exciting potential of "Connected Healthcare" turning from a vision into reality. But as with any industry going through an increased connectivity phase, there are those who would like to use these new communication channels to disrupt and exploit – whether for financial gain, cyber warfare or just because they can.

Increased Risk

Hospital-commissioned remote monitoring of patients via connected devices -could be remotely shut down or damaged by hackers, and might lead to an immediate or incremental life-threatening situation.

Additional Threats

And beyond the direct threat to the cybersecurity of medical devices, there is also a derived threat to other devices, as breached or infected device serves as the gateway to the network it is connected to, enabling the perpetrator to disrupt more devices on that network.

 
 

+ The healthcare industry is the biggest loser of data breaches

Even if the devices themselves are not the target, the data which they collect and transmit could be accessed by untrusted parties. Commercially available health-oriented wearable devices, such as fitness bands, could also be a target -while they are mainly aimed for personal use, their data can (and in some cases already is) integrated into medical or insurance systems, and can be observed and manipulated by hackers.
The threat to human lives is obviously the number one concern, and the relevant regulation bodies worldwide are still contemplating on how to address and enforce this new cybersecurity for networked medical devices issue. However, healthcare service providers and medical devices vendors should also consider the current and future financial impact of cybersecurity incidents which involve their device or service. According to the IBM Security/Ponemon Institute "2019 Cost of a data breach report", the average total cost of a data breach in healthcare was $6.45m, the highest in all sectors, and 65% higher than the average total cost in all of the sectors (How the total cost of data breach is calculated).

+ Protecting humans through protecting devices

Providing a protective layer to IoT devices in general is hard – The technology stack is varied, with different operating systems, development environment, architectures, vendor-specific code and 3rd party add-ons.
In addition, there are constraints derived from the operational characteristics of the devices themselves, such as limited computational power and memory, low-energy operational infrastructure, the need to be in constant uninterrupted operation, and more.
And when human life is at stake, there is no room for error – everything needs to be treated as a critical infrastructure, because our body IS a critical infrastructure.

See how we can help with the FDA premarket cybersecurity guidance that was published in 2018 and is expected to become a formal medical device cybersecurity act in 2020.

meddevices-02 copy 2.jpg
 

How can we help?

Just like us humans, IoT devices come in many unique shapes and forms, and just like treating a patient requires a customized process, to mitigate these threats to these life-saving devices, a new kind of flexible IoMT security solution must be introduced.

 
 
sternumcheck.gif

It needs to mitigate known threats and identify and adapt to combat new ones

It needs to be in real-time to be able to prevent new and advanced attacks while alerting immediately of any cyber breach

sternumcheck.gif

It needs to provide protection without adding more hardware, while working on ANY hardware

It needs to be compliant with the industry's standards, and support current and upcoming regulation directives

sternumcheck.gif

It needs to seamlessly integrate with any medical device operating system and

development process

sternumcheck.gif

It needs to be applicable for post market devices, as well as pre-market ones

It needs to be Sternum

sternumcheck.gif

It needs to be efficient, working within the device's computational and energy limitations

sternumcheck.gif

It needs to protect 3rd party components and not just the manufacturer source code, while making sure the devices are always up to date

 

It needs to be Sternum.

 
 

At Sternum, we’ve got this covered. Would you like to be covered too?