As October winds down, so does National Cyber Security Awareness Month (NCSAM). Sponsored by the National Cyber Security Division within the Department of Homeland Security and the National Cyber Security Alliance, NCSAM is observed each October with the goal of raising awareness and vigilance of threats posed to computer users. And needless to say awareness is certainly needed!
Just last month, we posted a blog that highlighted the most recent Identity Theft Resource Center figures on data breaches. As of mid-September, that number stood at 584 total breaches that exposed 20,500,000 records. Here we are only about 30 days later and that number is now 725 breaches with 29,200,000 records exposed. The numbers don’t lie and they seem to be accelerating each month.
What might be most disturbing is a recent Ponemon Institute study that showed 90 percent of healthcare organizations that participated in their study suffered a data breach in the previous two years and 45 percent of those organizations had more than five data breaches in the same period! Further, these breaches could be costing the industry nearly $6.2 billion.
Mobile medical and wellness apps and devices are changing how we manage our health. In fact, it’s more common than not to have your health provider use an online portal or app (or both) to deliver healthcare results and communications. As this market grows, healthcare and medical device providers will need to meet new FDA mandates for medical apps that pose a greater risk if they do not function as intended.
Here are some key highlights from the FDA draft guidance for healthcare industry and staff:
It is recommended as part of a [device] manufacturer’s cybersecurity risk management program that the manufacturer incorporates elements consistent with the NIST Framework for Improving Critical Infrastructure Cybersecurity (i.e., Identify, Protect, Detect, Respond, and Recover).
Manufacturers can also enhance their postmarket detection of cybersecurity risks by incorporating detection mechanisms into their device design and device features to increase the detectability of attacks and permit forensically sound evidence capture.
Manufacturers should consider the incorporation of design features that establish or enhance the ability of the device to detect and produce forensically sound postmarket evidence capture in the event of an attack. This information may assist the manufacturer in assessing and remediating identified risks.
Manufacturers should design their devices to ensure that risks inherent in remediation are properly mitigated including ensuring that the remediation is adequate and validated, that the device designs incorporate mechanisms for secure and timely updates.As we observe this month of cyber security awareness, it’s important to understand that there are steps that medical device and app creators can take to mitigate risks. Our enterprise-level solution, Cryptanium, has two main components that can help medical device manufactures introduce the security needed to prevent malware threats like ransomware. The first is Cryptanium Secure Key Box, a white box cryptographic library that implements standard cryptographic algorithms in a way that completely hides the keys. The second is Cryptanium Code Protection, a comprehensive tool for hardening software applications on multiple platforms. These two components work together to increase security protection against these types of malware threats. The connected world we live in today goes beyond computers and mobile devices to automobiles, home appliances and medical devices; the security solutions that we rely on need to work harder to protect the people that rely on these devices.