This article was originally published on May 25, 2019.
Editor’s Note: This content is contributed by Subhankar Bhattacharya, Lead Marketing for Medical Devices.
Hackers are getting more sophisticated and are going after sensitive, potentially vulnerable, and sophisticated targets such as healthcare and industrial networks. Xilinx Healthcare & Industrial IoT solutions and the Zynq® UltraScale+™ System-on-Chip (SoC) platform provide the right defense for medical and industrial equipment that is an integral part of the ‘Operational Technology’ within large networks in hospitals and manufacturing plants.
Some important facts:
- The HIPAA Journal reported exponential growth in attacks in 2018
- In 2017, the US Medical & Healthcare sector experienced 350 data breaches involving 5M+ patient records [Source: The HIPAA Journal]
- Over $20B in 2020 will be spent on cybersecurity infrastructure in the US alone [Source: Bloomberg Government Data]
- For healthcare, there’s no standardized mix of system security methodologies & policies
- The US FDA, the guardian of the medical equipment sold in the US, published guidance on best practices for cybersecurity.
But this information from the FDA should not just be taken as guidance. There is a long runway to getting guidance changed into law. Due to the long design and validation time and time to market of medical equipment, these requirements should be considered immediately to meet compliance.


And it’s not just the FDA…the US Department of Defense and HIPAA are also involved in varying levels to bring fundamental changes to the way cybersecurity is dealt with for healthcare.

So, can you leave your systems unprotected or ‘air-gapped’ in a healthcare network environment like in a hospital? The answer seems to be: ‘Not Anymore!’
The time a system can go without maintenance and patching is shrinking exponentially, and IT administrators’ tasks in hospitals are getting harder because of the growing complexity.

So, whether it’s a medical ultrasound, a CT scanner in radiology, digital equipment in pathology, nursing-station patient monitoring equipment, or even a PC, any of them can pose a threat to the network environment.

So the challenge for hospital IT is growing every day. As more medical equipment gets added to the hospital network, IT’s responsibility for managing a complex multi-tier, multi-protocol system gets more complicated.
For traditional IT systems involving electronic medical records, finance, and HR, the priority is to protect the integrity of the data, and it must be possible to shut the systems down and isolate them to protect against malware attacks. But for medical devices or equipment used in surgery and/or the ICU, the internal network has to keep running with high availability and maintain a safe state. Further, radiology equipment may have yet another set of priorities. The growing complexity in end-use of medical equipment within hospital settings continues to put more emphasis on risk management in terms of reliability and security.
Start your embedded cybersecurity journey. We urge you to check out (and share with your colleagues) both white papers written by Xilinx cybersecurity experts:
Industrial IoT cybersecurity paper: https://www.xilinx.com/support/documentation/white_papers/wp513_iec62443.pdf
Healthcare IoT cybersecurity and safety paper: https://www.xilinx.com/support/documentation/white_papers/wp511-risk-mgmt.pdf
Additionally, here’s a recent article on Xilinx cybersecurity solutions: https://www.cbronline.com/opinion/industrial-cybersecurity-embedded-hardware