Saturday, March 6, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Security

Medical device cybersecurity will be rubbish for 20 more years

August 21, 2019
in Internet Security
Medical device cybersecurity will be rubbish for 20 more years
586
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

“Everything with a power point is probably connected, or will be shortly,” says Christopher Neal, chief information security officer (CISO) of Ramsay Health Care.

“Increasingly that connectivity is critical to patient care,” he told the Gartner Security and Risk Management Summit in Sydney on Monday.

You might also like

Cyberattack shuts down online learning at 15 UK schools

Microsoft Exchange zero-day vulnerabilities exploited in attacks against US local governments

$100 in crypto for a kilo of gold: Scammer pleads guilty to investor fraud

Even if those connected devices aren’t transmitting patient medical data, increasingly they’re conveying information about their own health.

Yet those medical devices can be incredibly vulnerable.

Neal saw this first-hand in the medical village at the DefCon cybersecurity conference earlier this month. Hackers were let loose on the kind of equipment you’d expect to find in hospital patient rooms.

“The most fun I saw was [when] a guy sat down at an ultrasound machine,” he said.

“Within about 30 seconds of connecting he had shell, unrestricted Powershell access to that system through a vulnerability in the file manager that’s on the platform.”

The US Food and Drug Administration (FDA) has been issuing cybersecurity guidelines for several years. Australia’s Therapeutic Goods Administration (TGA) issued its own Medical device cyber security guidance for industry last month.

“There’s good guidance, but any systems built with that guidance are probably three to four years away from market, and most of this gear’s built to last 10 to 15 years,” Neal said.

“Anything you’re buying today has not been built secure-by-design, most likely. This is a problem that’s going to live in healthcare for another 15 to 20 years.”

You can’t secure it if you don’t know it’s there

Ramsay is Australia’s largest operator of private hospitals, with 30,000 staff and around 9,500 beds. Their set-up seems typical for a health care provider.

When he started there, Neal found a “not wonderful understanding of where IT systems are at, what’s connected”. There were “varying levels of support and understanding” of what devices are in place, with no centralised fixed asset list.

Each hospital also runs as its own entity, with its own chief executive officer. That works against consistency across the organisation.

While the architecture of the corporate network is flat, each hospital’s medical networks are meant to be compartmentalised using DMZ networks.

“If you don’t know about it you can’t secure it,” Neal said, so he launched a project to map all the devices across the organisations 74 hospitals.

A trial run with three hospitals took three months to complete, so clearly automation was needed. Neal chose the Forescout device visibility and control platform.

“Did we find a lot more equipment with default credentials, default configuration, sitting not on the corporate network but in those DMZs? Yes, we found a lot of that,” he said.

“I see visibility as the foundation to being able to start stitching things together.”

Ramsay isn’t ready to move to a zero trust model for cybersecurity, however. Being able to make that move “depends on IT maturity more generally, how the organisation broadly sees and values IT”.

According to Neal, at Ramsay “there’s an IT and organisational maturity that’s a long way off”.

“For a very mature IT organisation, you can probably get it done in two or three years,” he said.

“Looking to do it any faster than that in any large-ish organisation you’re more likely to break things than fix them.”

Related Coverage

Analysing your sweat could be the next big thing in health tech

Sweat sensor technology is opening up a whole new frontier for both optimising sports performance and medical monitoring.

Sydney healthcare clinicians turn to data analytics to improve back pain treatments

In a move to reduce opioid prescriptions, Sydney Local Health District has developed an app with Qlik to help treat lower back pain.

Pharma companies are counting on cloud computing and AI to make drug development faster and cheaper

Hyperscale cloud providers AWS, Microsoft and Google are working with biotech and pharma firms to use AI and cloud computing to improve the odds of creating a successful new drug.

Wi-Fi is not actually bad for your health, scientists say (TechRepublic)

Wireless electronics have used 2.4 and 5 GHz radio frequencies for years. These are not harmful, nor is any property unique to Wi-Fi harmful, according to new scientific evidence.

Credit: Zdnet

Previous Post

Russian Hacking Group Targeting Banks Worldwide With Evolving Tactics

Next Post

Boosting Computing Power With Machine Learning for the Future of Particle Physics

Related Posts

Cyberattack shuts down online learning at 15 UK schools
Internet Security

Cyberattack shuts down online learning at 15 UK schools

March 6, 2021
Microsoft Exchange zero-day vulnerabilities exploited in attacks against US local governments
Internet Security

Microsoft Exchange zero-day vulnerabilities exploited in attacks against US local governments

March 6, 2021
$100 in crypto for a kilo of gold: Scammer pleads guilty to investor fraud
Internet Security

$100 in crypto for a kilo of gold: Scammer pleads guilty to investor fraud

March 6, 2021
These two unusual versions of ransomware tell us a lot about how attacks are evolving
Internet Security

These two unusual versions of ransomware tell us a lot about how attacks are evolving

March 6, 2021
Microsoft: We’ve found three more pieces of malware used by the SolarWinds attackers
Internet Security

Microsoft: We’ve found three more pieces of malware used by the SolarWinds attackers

March 6, 2021
Next Post
Boosting Computing Power With Machine Learning for the Future of Particle Physics

Boosting Computing Power With Machine Learning for the Future of Particle Physics

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

Cyberattack shuts down online learning at 15 UK schools
Internet Security

Cyberattack shuts down online learning at 15 UK schools

March 6, 2021
Facebook enhances AI computer vision with SEER
Machine Learning

Facebook enhances AI computer vision with SEER

March 6, 2021
Microsoft Exchange zero-day vulnerabilities exploited in attacks against US local governments
Internet Security

Microsoft Exchange zero-day vulnerabilities exploited in attacks against US local governments

March 6, 2021
Hands-on Guide to Interpret Machine Learning with SHAP –
Machine Learning

Hands-on Guide to Interpret Machine Learning with SHAP –

March 6, 2021
$100 in crypto for a kilo of gold: Scammer pleads guilty to investor fraud
Internet Security

$100 in crypto for a kilo of gold: Scammer pleads guilty to investor fraud

March 6, 2021
Revolution by Artificial Intelligence, Machine Learning and Deep Learning in the healthcare industry
Machine Learning

Revolution by Artificial Intelligence, Machine Learning and Deep Learning in the healthcare industry

March 6, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • Cyberattack shuts down online learning at 15 UK schools March 6, 2021
  • Facebook enhances AI computer vision with SEER March 6, 2021
  • Microsoft Exchange zero-day vulnerabilities exploited in attacks against US local governments March 6, 2021
  • Hands-on Guide to Interpret Machine Learning with SHAP – March 6, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates