Regulations in healthcare oblige medical equipment vendors to focus on developing next-gen technology – not addressing the cybersecurity issues present in current technology, according to a report from TheRegister.com at Israel Cyber Week.
Speaking on the topic, Ophir Zilbiger, partner and head of the BDO Cybersecurity Israel consultancy, confirmed that healthcare presents a significant risk to privacy due to the data that is held. Limited budgets, according to Zilbiger, mean that hospitals cannot balance their investment in medical equipment with cybersecurity needs.
“Traditional methods of risk assessment don’t really work. In other industries, IT can be tested up to a certain level before they are used. In banking, for example, you can accept a few glitches but when it comes to human life you cannot have that, of course, so there are very strict regulations in terms of change management, testing and quality assurance.
“This creates a problematic situation in cybersecurity because when a medical device has been tested and sold to a hospital, a vendor is focused on creating the future wave of whatever medical devices they are working on,” Zilbiger said. “They are really not investing too much effort into upgrading the previously sold medical devices because of security reasons.
“Hospitals, on the other hand, have their arms tied because they cannot change the settings on medical equipment.”