
STATE OF SECURITY REPORT

Healthcare 2023

I read an interesting whitepaper earlier in the year that looked at cybersecurity from a healthcare perspective. The focus was on CPS – Cyber-Physical Systems – in healthcare, and it was written by Claroty and their research group.

There was a lot of good and interesting information but one part stuck with me. It summarized the challenge facing Biomedical Engineering departments and the complexity of medical device cybersecurity and vulnerability management. Not only do we have multiple device-types, but also multiple models of the same device-type from different vendors despite our best efforts at standardization. This means that we have a complex install base from multiple manufacturers, all of which may have a different level of investment in cybersecurity. Some are excellent at providing timely cybersecurity information on vulnerabilities, patching, and incidents. Others, well…

I thought the image below, taken from the report linked below (and available in our document repository), summed up the challenge quite nicely. (Note: KEV = known exploited vulnerability, i.e. a vulnerability that is known to be actively exploited “in the wild”.)

That is a significant and challenging problem. A large percentage of your network-connected devices very likely have KEVs and the vendor may or may not have a patch or mitigation strategy. This quite nicely sums up the challenge of vulnerability management for medical devices. It is a large and resource-intensive problem!

STATE OF CPS SECURITY REPORT

Our database of vulnerabilities is here to help you with the seemingly overwhelming problem. We can help you during the research phase to identify which models have vulnerabilities and if they are actively being exploited. Phase II of our database, coming soon, will be to assist in triaging – helping you make the most of your limited resources and helping maximize your risk reduction in the shortest time possible.

Need help with cybersecurity of medical devices? Reach out, we love to talk about security.
