We are currently in the third wave of the cybersecurity industry, and it is the most challenging in terms of technology and scale. The initial wave comprised the earliest days of the internet until 2005. Since then, the rise of mobile and the cloud saw attackers develop increasingly sophisticated techniques to bypass cyber defences. The latest wave of innovation involves the adoption of a more proactive defensive approach, using machine learning and artificial intelligence (AI) to discover and analyse the growing landscape for attacks.

Cybersecurity Trends

Listed below are the key cybersecurity trends in healthcare, as identified by GlobalData.

Prevention begins with endpoint education

Employees should be educated about how their day-to-day activities interact with the organisation’s security defences. They need to be informed about the ramifications of sharing sensitive account credentials or installing unsanctioned applications, and the dangers of opening unknown email attachments.

Healthcare organisations continue to fall short on educating their staff about cyber threats due to the fragmented nature of healthcare, and few employees are aware of potential gateways for cyber threats into the enterprise network. Endpoints are the weakest link in a clinical setting.

Healthcare organisations should have a centralised management portal to control and manage the enterprise’s endpoints and network. All healthcare organisations should seek ongoing training programmes for data privacy, protection, and cybersecurity.

Multi-factor authentication uptake is on the rise

Multi-factor authentication is widely valued in healthcare settings and its adoption continues to rise. Passwords are the most common authentication tools in healthcare, yet they are easy to hack. While multi-factor authentication is not new, its uptake in healthcare is slow.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

View profiles in store

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData

Submit

UK USA Afghanistan Åland Islands Albania Algeria American Samoa Andorra Angola Anguilla Antarctica Antigua and Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia Bonaire, Sint Eustatius and Saba Bosnia and Herzegovina Botswana Bouvet Island Brazil British Indian Ocean Territory Brunei Darussalam Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Cape Verde Cayman Islands Central African Republic Chad Chile China Christmas Island Cocos Islands Colombia Comoros Congo Democratic Republic of the Congo Cook Islands Costa Rica Côte d"Ivoire Croatia Cuba Curaçao Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Falkland Islands Faroe Islands Fiji Finland France French Guiana French Polynesia French Southern Territories Gabon Gambia Georgia Germany Ghana Gibraltar Greece Greenland Grenada Guadeloupe Guam Guatemala Guernsey Guinea Guinea-Bissau Guyana Haiti Heard Island and McDonald Islands Holy See Honduras Hong Kong Hungary Iceland India Indonesia Iran Iraq Ireland Isle of Man Israel Italy Jamaica Japan Jersey Jordan Kazakhstan Kenya Kiribati North Korea South Korea Kuwait Kyrgyzstan Lao Latvia Lebanon Lesotho Liberia Libyan Arab Jamahiriya Liechtenstein Lithuania Luxembourg Macao Macedonia, The Former Yugoslav Republic of Madagascar Malawi Malaysia Maldives Mali Malta Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Micronesia Moldova Monaco Mongolia Montenegro Montserrat Morocco Mozambique Myanmar Namibia Nauru Nepal Netherlands New Caledonia New Zealand Nicaragua Niger Nigeria Niue Norfolk Island Northern Mariana Islands Norway Oman Pakistan Palau Palestinian Territory Panama Papua New Guinea Paraguay Peru Philippines Pitcairn Poland Portugal Puerto Rico Qatar Réunion Romania Russian Federation Rwanda Saint Helena, Ascension and Tristan da Cunha Saint Kitts and Nevis Saint Lucia Saint Pierre and Miquelon Saint Vincent and The Grenadines Samoa San Marino Sao Tome and Principe Saudi Arabia Senegal Serbia Seychelles Sierra Leone Singapore Slovakia Slovenia Solomon Islands Somalia South Africa South Georgia and The South Sandwich Islands Spain Sri Lanka Sudan Suriname Svalbard and Jan Mayen Swaziland Sweden Switzerland Syrian Arab Republic Taiwan Tajikistan Tanzania Thailand Timor-Leste Togo Tokelau Tonga Trinidad and Tobago Tunisia Turkey Turkmenistan Turks and Caicos Islands Tuvalu Uganda Ukraine United Arab Emirates US Minor Outlying Islands Uruguay Uzbekistan Vanuatu Venezuela Vietnam British Virgin Islands US Virgin Islands Wallis and Futuna Western Sahara Yemen Zambia Zimbabwe Kosovo

Industry * Academia & Education Aerospace, Defense & Security Agriculture Asset Management Automotive Banking & Payments Chemicals Construction Consumer Foodservice Government, trade bodies and NGOs Health & Fitness Hospitals & Healthcare HR, Staffing & Recruitment Insurance Investment Banking Legal Services Management Consulting Marketing & Advertising Media & Publishing Medical Devices Mining Oil & Gas Packaging Pharmaceuticals Power & Utilities Private Equity Real Estate Retail Sport Technology Telecom Transportation & Logistics Travel, Tourism & Hospitality Venture Capital

Tick here to opt out of curated industry news, reports, and event updates from Medical Device Network.

Submit and download

Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

On all counts, securing patient database and electronic patient record (EPR) is crucial for healthcare. By working with security vendors, healthcare organisations can facilitate the implementation of two-factor authentication at low costs—using platforms such as physical tokens, soft tokens, and smartphones.

Biometrics

Biometric identity management is currently being explored by more advanced healthcare organisations and pharma companies. GlobalData expects the use of biometrics in healthcare organisations to grow over the next three to five years, particularly as a way to offer extra cybersecurity layers, control identity management and access, and offer a smoother clinical experience.

Network segmentation reinforces providers’ security

Network segmentation, which involves separating each network and making it visible only to those who have the right to access it, is gaining popularity as a way for carriers to control levels of access to sensitive data. The greatest benefit of network segmentation for healthcare organisations and the wider healthcare ecosystem is that it can limit access to medical data and ensure compliance with regulations such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

Network segmentation can limit the vulnerability of legacy systems that are currently impractical to upgrade or are in the process of being upgraded. Many attacks start with phishing emails to gain access to the organisation’s network, then make their way through back-office systems and into critical infrastructure.

Real-time analytics detect advanced threats

Healthcare organisations are working towards breaking down data silos for more effective sharing across healthcare networks. Simultaneously, vendors are continuously striving to add new channels and devices that plug into the enterprise network, which results in more data flows.

Analytics is positioned as a core enabler to help vendors achieve superior customer service. While healthcare providers already apply analytics to some extent to improve population health management and clinical efficiency, it has not yet been used to ramp up an enterprise’s security position. Behavioural analysis is a particularly niche technique within the healthcare sector.

Real-time analytics are considered more powerful, as legacy security information and event management systems (SIEMs) can meet compliance requirements but are no longer well-placed to detect advanced threats. Some vendors advise that SIEM is no longer sufficient in its own right, given that malware can already penetrate anti-virus software.

Push for increasing medical device cybersecurity regulations

In the age of big data, novel medical devices are increasing in connectedness to the Internet, other medical devices, and healthcare networks. Examples of connected medical devices include infusion pumps, implanted pacemakers, and insulin pumps. The use of connected devices brings the risk for hacking directly into patients’ information.

The European Union (EU) has recently initiated the General Data Protection Regulation (GDPR), which mandates that any organisation wishing to conduct business in Europe must follow five key GDPR requirements, and European regulators have published cybersecurity recommendations for many industries including medical devices. Similarly, over the last five years, the FDA has issued two guidance documents for medical device manufacturers: Content of Premarket Submissions for Management of Cybersecurity in Medical Devices in 2014, and Postmarket Management of Cybersecurity in Medical Devices in 2016.

In July 2017, a bill called the Medical Device Cybersecurity Act of 2017 was proposed in the US Senate. This bill aims to amend the Federal Food, Drug, and Cosmetic Act to require the FDA to create a cybersecurity report card for connected medical devices, which manufacturers must then include in a premarket approval application. More recently, the FDA released the Medical Device Safety Action Plan in April 2018, which includes notes on advancing medical device cybersecurity through updated premarket guidance and requirements, as well as the establishment of a CyberMed Safety Analysis Board (CYMSAB).

This is an edited extract from the Cybersecurity in Medical Devices – Thematic Research report produced by GlobalData Thematic Research.