While the healthcare sector is finally becoming aware of the cyberthreats and risks facing medical devices, new Internet of Things health devices are quickly creating new vectors for cyberattacks, warns cybersecurity expert Tyler Cohen Wood.
"The problem is that we've moved to this constantly connected healthcare system where we have devices that are sending data to a doctor, or healthcare systems that are using other digitally controlled devices," says Wood, cybersecurity adviser at Inspired eLearning. "The more connected you become, and the more software you're utilizing, typically the more open you are to attack."
In an interview with Information Security Media Group, Wood, a former Defense Department intelligence officer, says healthcare providers as well as device manufacturers are starting to implement security measures that go beyond what's recommended in the Food and Drug Administration's recently issued draft guidance for post-market cybersecurity of medical devices.
But consumer wearable health devices and other Internet of Things health gadgets and applications are creating new potential vulnerabilities, she says.
"If your heart monitor or diabetes monitor is connected to a [smart] phone, then you also have the added issue of the security of the phone. So, that's really with the problem lies," she says. "We are moving so quickly to the Internet of Things types of devices. When [manufacturers] were developing these devices, it's not intentional that security was not added; it's that they don't know all the risks and threats that are out there."
The healthcare sector "has just moved at tremendous speed in just the past couple of years" in becoming dependent on Internet-connected devices, she notes.
In the interview (see audio link below photo), Wood also discusses:
- The need for education on the latest risks and threats;
- What the healthcare sector can learn from other industries about cybersecurity, and what lessons other industries can learn from the challenges faced by the healthcare sector;
- Why ransomware is becoming an increasingly significant problem;
- The impact of the Cybersecurity Act of 2015 on potential cyber threat information sharing opportunities.
Wood is cybersecurity adviser at Inspired eLearning, a provider of Web-based training services. Previously, she spent more than 13 years working for the U.S. Department of Defense's Defense Intelligence Agency. There she served as a senior intelligence officer, deputy cyber division chief of the special communications division and the science and technologies directorate's cyber subject matter expert. In those roles, she made recommendations significantly changing, interpreting and developing important cyber policies and programs affecting DoD and intelligence community programs.