The WannaCry virus has infected and frozen computers in many industries around the world. According to a news source report, the virus has extorted doctors and hospital administrators for the keys to unlock and regain access to their systems in order to treat patients. The Telegraph reports that in the United Kingdom alone, up to 40 hospital trusts were hit by the WannaCry ransomware virus, which resulted in a wave of cancelled appointments and a general state of disarray. Recently, the BBC has stated that at least 16 of these hospitals are still facing issues. With the widespread damage associated with the WannaCry virus, many experts have advocated that the medical device industry should be on alert, now more than ever, regarding the cyber security of their medical devices.
Although the issues associated with medical device security have recently been discussed, some industry professionals believe there does not seem to be an adequate solution to the problem of device security. Tressa Springman, the CIO of LifeBridge Health, explains:
“There’s a lot of talk in healthcare about device security. Discussions about what we’re comfortable pushing as endpoint security and what we’re unable to do – because certainly, we don’t want to create any harm to patients. Many of these devices and the vendors who manage them, it’s very hard to go direct on patching and adding security.”
While medical devices are generally tested extensively for safety, some cybersecurity experts have observed the same cannot necessarily be said for security. Brian NeSmith, co-founder and CEO of cyber security company Arctic Wolf Networks, has stated:
“Medical devices, similar to many other IoT devices, were not designed with rigorous security in mind and are more vulnerable to being hacked. They also do not fall under normal security operations procedures since they are used as needed by the medical practitioners and not deployed and maintained by the IT department.”
Security experts are emphasizing the importance of security patches. Optimistically, Richard Staynings, the principal cybersecurity healthcare leader at Cisco’s Security unit, believes:
“This is going to cause a paradigm shift, at least for patching.”