Medtech giant BD today detailed how it has taken proactive steps to ensure medtech cybersecurity in an increasingly critical environment.
“Medical device cybersecurity has become more critical than ever as the number of smart, connected devices grows and healthcare expands into more care settings, including patient homes,” said Rob Suárez, the company’s chief information security officer. The quote was in the BD 2022 Cybersecurity Annual Report published today.
“Ensuring patient privacy in these care settings is critical. At the same time, cybercriminals continue to attack healthcare entities with attempts to extort money, steal intellectual property and cause disruption,” Suárez said.
Ransomware attacks were down by 23% overall during the first half of 2022, but they more than quadrupled in healthcare, according to BD, which cited a SonicWall report. Phishing — which a HIMSS report from 2021 said made up more than half of serious healthcare security incidents — is becoming more sophisticated. Meanwhile, software supply chain attacks have prompted the FDA to point out the need for each medical device to have a software bill of materials (SBOM). The SBOM idea was part of a regulatory draft guidance that the FDA posted last year.
BD listed the proactive medtech cybersecurity measures it has taken:
- Monitoring network activity in accordance with local laws;
- Managing and reducing the attack surface for potential threats;
- Maintaining strategic resilience measures, including secure backups;
- Managing geographical segmentation controls where required;
- Security audits, penetration testing, cybersecurity incident response plans, employee cybersecurity training and more.
BD released its first medtech cybersecurity report in 2020. In 2021, it said it was the first medical technology company authorized as a Common Vulnerabilities and Exposures (CVE) Numbering Authority by the CVE Program.