The recent WannaCry attack drew attention to ransomware vulnerabilities throughout healthcare systems, but ransomware itself is not the source cause of concern for the healthcare industry – legacy medical device software is, according to a new Healthcare IT News report.
The ransomware attack was merely a sign of possible future attacks, according to Healthcare IT News report authors healthcare cybersecurity company Virta Laboratories CEO Kevin Fu and Swansea University computer science professor Harold Thimbleby.
“When we know about a disease, do we read about it and hope never to get it? No, we vaccinate, avoid risky areas, wash our hands, and seek immediate help after coming in contact with a carrier. In short, we plan ahead for risk management,” the authors wrote.
According to the report, the appropriate approach to preventing such attacks and removing vulnerabilities includes addressing 5 core parts of the delivery supply chain: manufacturing, procurement, regulation, training and governance.
Medical device manufacturers will need to design in security features, while hospitals will need to factor in “meaningful cybersecurity” into their purchasing decisions. Report authors said that governments will have to join in preparations, possibly building test hospitals to explore cybersecurity readiness. Lastly, regulators will need to take into account that malware attacks do not respect international boundaries, and can spread across systems worldwide at the same time.
Authors wrote that many steps would have to be taken to begin developing protection against cybersecurity attacks, including improving motivation for computer science students to work in healthcare, creating appropriate governance structure for software security at healthcare facilities.
No medical devices are perfectly secure, but security must be considered when designing and delivery healthcare, the authors wrote.
“The recent global outbreak of ransomware is just the symptom du jour, and it’s time to act on recommendations to improve cybersecurity in manufacturing, procurement, regulation, training, and governance. Until cybersecurity becomes as second nature as hand washing, we should expect the cybersecurity problems to increase in frequency and consequence,” authors wrote in their Healthcare IT News report. “If there’s any silver lining, perhaps manufacturers, healthcare delivery organizations, and governments will begin to think more strategically rather than reactively to improving healthcare cybersecurity.”