Cybersecurity professionals had been warning the healthcare industry about the exploitation of connected medical devices, and about clinicians' growing dependence on them, long before those warnings became reality: last year a patient died after a ransomware attack paralyzed a German hospital.
How did the ransomware paralyze the Duesseldorf University Hospital?
According to official reports, the hospital's internal systems failed gradually. First, staff lost access to patient records; then the hospital reached a point where it could no longer perform life-saving procedures, because neither the necessary data nor the connected equipment was available.
Readers may also recall the WannaCry attack of 2017, widely covered by the media, which shut down major healthcare systems, including parts of the NHS in the United Kingdom. No deaths were attributed to that attack, but it drew the attention of healthcare professionals and device manufacturers to the underlying problem: connected clinical systems running unpatched, end-of-life software.
Do the cybersecurity weaknesses of healthcare devices threaten us in other ways?
From patient records and lab results, radiology equipment and hospital elevators to personal wearables and mobile applications, healthcare professionals and individual users increasingly rely on Internet-connected devices. This connectivity makes data access, data sharing and patient engagement easier, but it also brings the risk of data theft, malicious alteration of data, denial of access to critical data, and extortion.
In early 2019, researchers at Ben-Gurion University in Israel announced malware capable of adding or removing tumors in CT and MRI scans, a proof of concept that could trick doctors into misdiagnosing their patients. Scans that are stored or transmitted without integrity protection can be altered in this way without anyone noticing.
Wearable trackers and their companion applications also pose a growing security risk, as their measurements become more detailed and closer to real time. These devices are no exception when it comes to exploitable vulnerabilities. “When you’re looking at the ‘brain’ of one of these devices, if the software isn’t designed to protect itself and it’s not designed without design flaws and without vulnerabilities and implementation bugs in it — which we’ve seen — then it will be attacked,” said Gary McGraw, CTO of software firm Cigital.
How can such attacks be prevented?
In the healthcare sector, two new EU regulations entered into force on 25 May 2017: the Medical Devices Regulation (EU) 2017/745 and the In Vitro Diagnostic Medical Devices Regulation (EU) 2017/746. Manufacturers can keep building state-of-the-art smart devices, but they must comply with the regulations' risk-management requirements, which for devices that incorporate software cover the development lifecycle, including information security, verification and validation.
Common Criteria (ISO/IEC 15408) is the international standard for IT security certification. A thorough evaluation of a product, whether a connected medical device or anything else, shows that it meets an internationally recognized set of security requirements and, most importantly, that it was built with cybersecurity in mind.
At CCLab, beyond Common Criteria evaluation, we provide cybersecurity consulting, penetration testing and cybersecurity-related risk-management services, and we support the security of your product lifecycle management and information security management processes, so that your medical devices meet the expectations of professionals and private individuals alike who are cautious about their personal data.
Want to understand more about medical device cybersecurity? Need to know how you can comply with the latest regulations? DOWNLOAD our e-book on the latest requirements of medical device cybersecurity.