The safety of biomedical equipment in the face of certification issues
In recent times, there has been an increase in computer attacks directed at health facilities in general.
This has been observed on several levels, particularly with many at risk of compromise and even intrusions of equipment used for biomedical services. 2019 had already laid the groundwork for this interest that cybercrime has devoted to these health systems.
This article will also interest you: Smart Hospitals Face the Reality of Cybersecurity
As hospitals are increasingly connected, the range of traditional biomedical tools (sonographers, cardiographers, CT scanners, etc.) is increasingly connected. now happens to be involved in Internet-connected objects. Connectivity was supposed to make it easier for our establishments to operate. But today the reality brings us back to a very obvious situation that of security. The proliferation of cyber-malicious acts clearly demonstrates the difficulty of closing security loopholes.
In this context, certification seemed to be a way to improve this security. However, controversy remains on the issue. Indeed, some of the specialists continue to believe, even claiming that this is a hindrance to the security of these biomedical equipment. Asked how difficult certification makes it difficult to secure biomedical equipment, Renaud Bidou, Trend Micro's Technical Director for Southern Europe, said: "Certification requirements require that biomedical equipment be not tampered with by those who acquire them, at the risk of losing certification and warranty. As a result, it becomes impossible to install security solutions after the fact (antimalware, anti-ransomware, etc.). However, as these devices are increasingly connected (the ability to plug in a USB key and exchange data) increases the risk of virus contamination. Even biomedical equipment presented as very safe remains exposed to a possible security flaw. When it is discovered, the facility must turn to the manufacturer to deploy a fix, which may take time as tests must be carried out to ensure that any hazards are removed. Since the device must continue to operate, the vulnerability remains until everything has been put back in order. Biomedical equipment that did not have SSL could also be added to their facility and continue to communicate in plain language with the IGH. They are thus exposed to data theft, flow tampering, a lack of confidentiality, etc. And once biomedical equipment can exchange data with the SIH, it is the entire infrastructure of the institution that is weakened. ».
In other words, we find ourselves in a situation where it becomes difficult to add security solutions to equipment. This makes them naturally vulnerable. But according to the trend Micro expert, it is not impossible so I have a solution. He advises two safe approaches for biomedical equipment:
– restoration of a security control for the entire network to take into account the firewall, with activities to prevent cyber attacks. This must be done in a health sector-specific context. Be careful not to lose data and affect network performance;
– periodic testing of unconnected equipment. The goal will then be to ensure that these devices do not contain malware. As you might expect, it only takes a simple USB stick to introduce into unconnected equipment, a malware that can in the long run affect its performance or even contaminate other devices. And to do that you don't have to have high computer skills. The physical safety of these devices should also be ensured in some way. Because it only takes a crooked collaborator to succeed in the contamination. Vigilance is therefore required from all sides.
But beyond all this, it would seem that the best way to effectively protect its biomedical equipment and think about how to strengthen their security since their conception. "The ideal is to integrate a safety solution right from the design of an equipment. This solution must meet the constraints of equipment performance and network resources. concluded Renaud Bidou.
Now access an unlimited number of passwords:
