Rob Suárez, VP, Chief Information Security Officer for BD
In recent months, the healthcare industry has seen an unprecedented increase in cyberattacks, from threat actors masquerading as trusted entities, to attempts to disrupt the development of COVID-19 diagnostics, therapies and vaccines.
In 2021, cyberthreats against the healthcare industry will likely continue. To be secure, medical device manufacturers and healthcare providers will need to go beyond defensive cybersecurity strategies and incorporate cyber resiliency. While defensive tactics focus on preventing attacks, resiliency strategies help organizations recover from cyberattacks more quickly. In today’s environment, we must be both: secure and prepared.
As more organizations in healthcare embrace these complementary priorities in 2021, we can expect the following cybersecurity trends to emerge:
Increased adoption of threat modeling. Threat modeling is the practice of identifying and prioritizing potential cybersecurity threats and mitigations for the purpose of protecting something of value. In the case of healthcare, we’re protecting patient safety, as well as patient privacy. Threat modeling involves looking at a medical device with a fresh perspective and asking, “What could go wrong?” While we design BD products to be secure, threat modeling helps us uncover and examine potential risks, including risks related to third-party applications or limited to specific use cases. What we learn from this process helps us improve product security and allows us to proactively share mitigations and cybersecurity best practices with our customers.
Improved collaboration across the healthcare industry. Collaboration makes us stronger. That is why BD maintains a culture of transparency and collaboration with customers and industry stakeholders. We actively participate in multiple collaborative efforts, from the Healthcare and Public Health Sector Joint Cybersecurity Working Group to the International Medical Device Regulators Forum, the Medical Device Innovation Consortium Cybersecurity Steering Committee, and AdvaMed. These types of collaborations serve to amplify awareness of emerging threats, accelerate knowledge sharing, and help the healthcare industry progress toward cybersecurity maturity.
Greater transparency in the name of patient safety and patient privacy. Along with increased collaboration, we anticipate seeing more medical device manufacturers transparently sharing vulnerabilities in the year ahead – not only because doing so aligns with the U.S. Food and Drug Administration (FDA) guidance Postmarket Management of Cybersecurity in Medical Devices and with the Healthcare and Public Health Sector Medical Device and Health IT Joint Security Plan, but also because transparency will no longer be taboo. Transparently sharing vulnerabilities, along with compensating controls and mitigations, will be more widely recognized as an industry best practice that healthcare providers expect from every medical device manufacturer.
While we can’t foresee all that 2021 will bring, we can be confident that building greater resiliency into our cybersecurity practices will serve both the industry and patients. For more information about our approach to cybersecurity – and additional trends we expect to see in 2021 – access the BD 2020 Cybersecurity Report here: https://cybersecurity.bd.com/helpfulresources.