Will Medical Device Security Risks Grow?
Symantec's Rob Potter on Health Data Security Trends for 2016
Cybersecurity risks to medical devices will become an even more critical issue for healthcare organizations to address next year, says Rob Potter, vice president of public sector at security software company Symantec.
Increased awareness of threats to medical devices, a component of broader concerns about the "Internet of Things," is being driven in large part by recent headlines about white hat hackers and independent researchers who have discovered how certain networked medical devices can be easily compromised, he notes (see Report Spells Out Medical Device Risks).
Medical device cybersecurity is "the biggest area where I think you will see change in the next 12 to 18 months," he predicts in an interview with Information Security Media Group.
"Having trust in the infrastructure of hospitals is a critical thing," Potter says, and that includes all medical devices, ranging from infusion pumps to medical imaging equipment. "I want to have trust that the right amount of drug is being pumped into me, or that it's my [medical] image," he says.
In August, the Food and Drug Administration, in an unprecedented move, urged hospitals and others to discontinue use of the Symbiq line of infusion pumps from medical device maker Hospira after independent researchers discovered vulnerabilities in those devices that could allow an unauthorized user to control the device and change the dosage of medication the pump delivers (see FDA: Discontinue Use of Flawed Infusion Pumps).
The Allure of Patient Data
Another trend for 2016, Potter predicts, is that cybercriminals will continue to focus on stealing health information because of its perceived high value.
A string of major hacking breaches in the healthcare sector this year has included, among others, an attack on Anthem Inc. that potentially compromised the data of nearly 80 million individuals, and a hacking attack on UCLA Health, which impacted 4.5 million people.
Patient records contain "valuable financial data ... and that only puts medical providers closer to the center of the target" for cybercriminals, Potter says.
In the interview, Potter also discusses:
- The challenge of finding security expertise in the healthcare sector;
- The role that CISOs can play in making boards more aware of cybersecurity issues;
- The biggest security and privacy challenges facing healthcare providers.
Potter has more than 20 years of experience in information technology and security. Before joining Symantec, Potter held various leadership positions at Lanscope, RSA and IBM.