The US is starting 2019 with unprecedented threat levels in cybersecurity. Some argue that the government shutdown is not helping to reduce that. It is therefore that the 2019 Archimedes Medical Device Security 101 Conference held in Orlando Florida will take place under a completely different set of circumstances. With a plethora of reasons for increased threat levels, as discussed below, the medical industry is undoubtedly one of the most critical and sensitive industries to pay attention to.
How healthcare providers are taking action:
It is well-known that medical devices can easily be hacked in an interconnected world, whether from actors abroad or locally in the US. This is significant not just because of personal data – but due to the very fact that it can lead to the loss of life. Recently, in an industry briefing, Christian Espinosa, the CEO of Alpine Security, stated the following: “For various reasons, not limited to the shutdown, the US government may operate at unpredictable levels this year. This is yet another reason why cybersecurity for private healthcare providers is now a key priority”. Alpine Security is also a significant sponsor of the annual Archimedes Medical Device Security conference, alongside large corporations like PWC. Sponsors seek to raise awareness and reassure stakeholders that good countermeasures can be adopted.
Through a variety of actions, ranging from budget approvals to cybersecurity training, system engineering, and penetration testing, multiple stakeholders are acting to tackle cybersecurity issues in medicine. These include Chief information security officers, Directors of product engineering, System engineers, VPs of global product security, IT security managers, Physicians, Chairs of medical device security standards bodies, Security researchers – and Front-line engineers from clinical facilities. Suddenly, the tendency is for cybersecurity become one of the highest paid jobs in America, as the industry commits the necessary resources.
The backdrop of cybersecurity threat levels:
To consider “what could go wrong” is a common question. IBM recently asserted that on average, a data breach costs $3.86 million, given that the average value per record is $148. Yet not everything is measured in monetary terms: there are issues of national security at stake, key infrastructure such as the power grid – and then, sensitive industries such as medical and self-driving cars, where death is a very real risk.
The increased likelihood of cybersecurity problems occurring is the real issue at stake. Whereas previously, external actors may have simply looked to gain access to information: such as patents, technology transfer, and data that could be used for the purpose of cyberextortion, we now face a different landscape. The threat levels really evolved to the point where malicious actors may have the intention to inflict damage to critical infrastructure, loss of life – and indeed, the chaos that could damage the reputation of other countries, especially the US. Why? Because countries who are affected by trade wars and sanctions, realize an economic detriment – and are looking for ways to retaliate. Such countries may be unlikely to differentiate between government and corporate IT infrastructure, as they see corporations as a source of revenue for governments.
Prominent speakers at the 2019 Archimedes event:
A good indication that the medical industry is taking cybersecurity seriously, is the participating medical organizations. For example, notable key speakers will include Dr. Christian Dameff, Emergency Medicine Physician and Researcher at UCSD, Dr. Suraj Kapa who is a Cardiologist at Mayo Clinic, Dr. Seth Carmody, the Cybersecurity Program Manager at the FDA, and Colin Morgan, Director of Product Security at Johnson & Johnson.
Whether or not governments around the world increase trade tensions, we live in an environment where too many actors can be underhanded, for too many reasons. Industries are not at the late stages of this phenomenon, but rather at the beginning. Organizations that have the best interests of their patients at heart, will no doubt need to demonstrate leadership in the area of cybersecurity.