Andy Bridden
IoT security consultant, PA Consulting
Andy is an Internet of Things and cyber security consultant delivering complex projects for customers across a broad range of industry sectors including healthcare, transport and logistics, utilities and retail. Passionate about leading edge technology with a broad spectrum of commercial, project management and technical skills. Andy spent 30 years working for a leading fixed and mobile telecommunications provider in the UK prior to joining PA Consulting. Andy is a Chartered Engineer and Chartered Project Professional.
ABSTRACT
“Securing the Internet of Medical Things”
Medical device and equipment manufacturers are adding connectivity to their devices to enhance functionality and performance. This trend is a subset of the Internet of Things called the Internet of Medical Things (IoMT). The benefits of IoMT to patients and healthcare providers can be transformative as complex medical conditions can be controlled and monitored remotely. The benefits to patients and healthcare providers are significant with the technology enabling care to be delivered cost effectively in the home, for example.
As medical devices move from being isolated to being connected cyber security risks come to the fore. There are several notable examples of medical devices being compromised over wireless links although fortunately, to date, no patient has been harmed as a result. Many medical device manufacturers and pharmaceutical companies do not have the relevant expertise in house to develop secure connected products.
To add to the complexity most solutions consist of multiple elements all of which need to be secured. Cloud services, medical devices, mobile apps and network connectivity all have a part to play in delivering a solution.
The regulators in the EU and US are beginning to address the cyber security gap for medical devices with new directives and guidance coming into force. However, navigating the applicable standards, guidance and regulations is a complex task.
There are some significant differences between securing a medical device and a typical IoT device as patient safety, human factors and the approach to risk management is different. These differences are highlighted with some examples.
There is no unified standard or approach for cyber security in medical devices so the presentation outlines an approach to provide a way forward for cyber security professionals working in the field.