Security testing lab for medical devices coming to the UK soon

Security testing lab for medical devices coming to the UK soon

The Medical Device Innovation, Safety and Security Consortium is set to open a new security testing lab in the UK to address existing cyber security issues in medical devices at healthcare organisations.

The new security testing lab in the UK will run medical devices through tough and realistic test regimes to uncover their security vulnerabilities.

At the same time, the security testing lab (which is otherwise known as WHISTL: World Health Information Security Testing Lab) will also thoroughly vet critical care environments like operating theatres, Intensive Care Units and emergency rooms for vulnerabilities.

U.S. healthcare industry in critical condition, says cybersecurity task force

The Medical Device Innovation, Safety and Security Consortium (MDISS) already runs a WHISTL facility in the United States and is aiming to open one security testing lab each in the UK, Israel, Finland, and Singapore by the end of this year. Each such centre will be independently run by an MDISS-affiliated healthcare organisation, a medical device manufacturer, a university or a technology company.

“Medical devices are still on the frontier of cybersecurity, and security best practices for devices are still maturing. Our new WHISTL facility enables us to run medical devices through tougher, more realistic test regimes. Hidden vulnerabilities surface more quickly, and that helps us build more responsive standard operating procedures,” said Benjamin Esslinger, CBET manager/clinical engineer at Eskenazi Health.

Pacemakers found to contain 8,000 vulnerabilities including lack of encryption

Even security vulnerability discovered by research teams at MDISS' security testing labs is reported to the concerned medical device managers as well as to the NHISAC-MDISS Medical Device Vulnerability Program for Evaluation and Response.

Along with testing medical devices, these centres also share best practices and solutions to ensure all vulnerabilities are plugged wherever certain devices are in use.

“WHISTL will provide much-needed insight from actual developers and users of medical devices, which will result in increased relevant and actionable information sharing and situational awareness for all stakeholders in healthcare”, said Denise Anderson, president of NH-ISAC, which is a non-profit organisation responsible for the healthcare sector's cyber security in the United States.

WannaCry ransomware exposed vulnerabilities of medical devices in the US

Thanks to a $1.8M contract from the U.S. Department of Homeland Security (DHS), MDISS has been able to build a platform named MDRAP (medical device risk assessment platform) which helps healthcare organisations, manufacturers, and technology companies share device risk assessments. Undoubtedly, this platform will go a long way in helping our healthcare industry uncover security vulnerabilities if the NCSC grants MDISS a similar contract.

“MDISS WHISTL facilities will dramatically improve access to device security know-how while protecting patient privacy and stakeholder intellectual property. Solid cyber-lab governance will support an international-scale network of research and training centers of excellence, designed especially for medical device designers, hospital IT, and clinical engineering professionals,” said Dr. Nordenberg, MD, Executive Director of MDISS.

Source: Med-Tech Innovation

Copyright Lyonsdown Limited 2021

Top Articles

WhatsApp's New Privacy Policy Deadline Has Arrived

At the start of 2021, WhatsApp announced its privacy policy updates, sparking outrage and backlash from its consumers as WhatsApp will share personal information with its parent company, Facebook.

Overcoming the security challenge in remote working environments

The pandemic has changed the way we work. Remote working is no longer a nice-to-have for organisations, but a necessity especially if they want to attract the best talent.

President Biden pens Executive Order to boost US cybersecurity

US President Joe Biden signed an Executive Order this week to boost the cyber security of federal government systems and data.

Related Articles