Forward-thinking healthcare providers are pivoting towards a holistic cybersecurity approach to shore up their current positions. This approach will also ensure strong future-proofing elements by acknowledging ongoing changes that are in line with wider growth strategies.
Industry Growth Drivers
Listed below are the key industry growth drivers impacting the cybersecurity in medical theme, as identified by GlobalData.
Large corporations are building private and hybrid clouds while small-to-medium enterprises (SMEs) are spending significantly on public cloud services. Both activities could open companies up to a higher risk of cyber-attack and could also increase the demand for cloud security and web application security services.
The healthcare industry is employing cloud technology more and more abundantly for a variety of usages, including data storage, device interconnectivity, and communication. Protecting this type of data stored in clouds is of utmost importance, as this data is often sensitive and personal in nature.
Dwell time refers to the time from compromise to detection. Reducing the dwell time is important because it reduces the risk of a zero-day threat. Most corporations (and their insurers) are expected to get dwell times as close to zero as possible. The fact that dwell times remain high demonstrates that growth prospects for the security industry remain extremely positive.
Internet of things (IoT)
As more things become connected to the internet, cybercrime could shift to connected fridges, connected cars, drones, and industrial machines. In the race to create an app for every physical product, many companies are overlooking basic security features.
Medical devices also employ IoT technology for connectivity and data sharing. The IoT could lead to a dramatic extension of the attack surfaces that hackers can target within a typical company.
Cloud Security Alliance
The Cloud Security Alliance, a group that most major technology companies are a part of, now operates in almost every country. It is an industry body that aims to share intelligence on cybersecurity issues in an open environment and to jointly create large-scale, self-learning cybersecurity systems based on open standards.
The Cloud Security Alliance regularly publishes learning materials targeted at the healthcare industry and is a solid resource for healthcare cybersecurity awareness.
Android handsets have long been susceptible to serious security breaches because Android is open source and Google does not control the software update process for most of the world’s Android smartphones. As such, when a security breach occurs, Google’s ability to quickly patch the breach is limited. Instead, it is the device makers or telecom operators that decide if, when, and how to release software updates.
In October 2016, Google took a big step to fix this Android fragmentation problem by introducing Pixel, a smartphone with hardware and software that is entirely controlled by Google. It is expected that Google will make Android proprietary, just like Microsoft Windows or Apple iOS. In the meantime, hundreds of millions of Android smartphones remain vulnerable to attack.
Mergers and acquisitions
The larger software conglomerates—IBM, Oracle, SAP, Microsoft, and Alphabet—are all in a race to build software ecosystems. Cybersecurity remains their weakest link. For networking equipment makers like Cisco, security is also seen as a weak spot in their offering.
There have been continued mergers and acquisitions (M&As) in this sector among the big software houses, internet ecosystems, and networking equipment makers, thus strengthening their cybersecurity capability, especially in unified threat management and artificial intelligence (AI).
Geopolitical tensions in the South China Sea, the Middle East, Ukraine, and elsewhere mean that the world is likely to witness a new wave of cyberattacks. Many could be zero-day attacks, including some that may be state sponsored. Several governments are setting up new military cyber command divisions that could put cyber warfare on an equal footing with combat divisions in air, land, sea, and space.
In the healthcare sphere, geopolitics impacts cyber risk when medical devices become involved; for example, opposing parties could use cyber-vulnerabilities within medical devices to bring down the device and assassinate its user, thereby committing “cyber-assassination”.
Bug bounty programmes
In August 2016, Apple became the latest big tech company to introduce a bug bounty programme. It will pay cybersecurity professionals for finding holes in Apple’s software and reporting these vulnerabilities to Apple so it can fix them before criminals use them to hack into Apple devices.
Other companies such as Google, Microsoft, and Facebook all have their own bug bounty programmes, and healthcare systems are beginning to adopt them as a security measure as well. As the IoT gains traction, more and more non-tech companies could become vulnerable to cyber hacking. The larger, cash-rich tech titans are able to pay bigger bounties, enabling them to patch up holes in their software quicker than smaller rivals.
This is an edited extract from the Cybersecurity in Medical Devices – Thematic Research report produced by GlobalData Thematic Research.