Healthcare is one of the largest and most innovative industries, yet its spending level in cybersecurity is alarmingly lagging compared to others. When you think of it, it really is staggering!
Technology here evolves at a very high pace, and connected medical devices are quickly replacing legacy equipment. ABI research estimates that by 2021 (in two years!) smart health device shipments will grow to 57 million devices annually.
Connecting these devices presents a lot of benefits for patients, care providers and payers: more personalized and efficient care, better efficiencies and cost control, and reduced medical risks.
However, connecting these devices also presents a new type of risk. They are now exposed to the connected world and can easily be hacked, tampered with, and even disabled. This can result in leaked patient information, identity theft, blackmail, shutdowns, and possibly worse. Hacking these devices can also be used as a stepping stone to breaching an entire care provider’s network, with likely disastrous consequences for both patients and the targeted care provider.
It gets much worse when you think of implanted devices such as pacemakers, insulin pumps or deep brain stimulators; a breach here could threaten the life of patients and destroy the reputation of the device manufacturer and/or the care provider.
The healthcare industry ranks 15th in cybersecurity performance when compared to 17 other major US industries (SecurityScorecard). This is a grim statistic when so much is on the line, but the healthcare industry – like many industries reinventing themselves in a tech age – struggle with the same basic question: how can you block what you can’t see? Most organizations don’t realize they’ve been infiltrated, and by the time they do, their data, patients and devices are already under siege. Fundamentally it’s not about IF you’re hacked … it’s about what you do WHEN you’re attacked.
We are entering a new era where the security paradigm is very different from what it used to be. What we now need is a comprehensive security strategy including the monitoring and protection of all connected devices (medical, IT and mobile) from within the device itself, in addition to the traditional protection of the network.
To reach peak efficiency, this strategy also requires the quick collective learnings of all new security threats, as opposed to relying on the limited awareness and isolated knowledge of a single IT department. In today’s connected world, cybersecurity needs to be aggressive, global, and more proactive than reactive.
This is where the IBM and Irdeto partnership is groundbreaking and so impactful to the healthcare community. It provides an unrivalled solution to enable this strategy and solve a major industry problem.
IBM’s integrated and intelligent security Immune System provides monitoring and protection for IT equipment, networks and end-points, and is now augmented by Irdeto’s ability to monitor and secure medical devices and applications. The combined expertise allows for the immediate quarantine of targeted and potentially compromised devices and applications, and for the global reporting and prevention of new threats to all IBM and Irdeto customers. Additionally, once vulnerabilities are identified, security fixes are deployed quickly and efficiently, through Irdeto’s underlying Cloakware technology and IBM’s BigFix solution.
With the addition of this proven technology – already deployed in more than 5 billion devices and applications – medical devices are now more secure than ever, the risks from a hacked device – if any – vastly reduced, the safety of patients and their data secured, and revenues and reputation of healthcare organizations preserved.