The security conversation on connected medical devices is far from over

Our cyber security columnist, Davey Winder, explains why security conversations surrounding connected medical devices are not over yet. On the positive side of the connected-device security landscape fence sits the Product Security and Telecommunications Infrastructure (PSTI) Bill which, as of 23 March 2022, according to the parliamentary bill’s status site remains at the report stage. I’m skeptical not least because while the Medicines and Healthcare products Regulatory Agency (MHRA) has oversight when it comes to the safety, quality and performance of medical devices, there’s a world of difference between measuring clinical effectiveness and potential cybersecurity vulnerability. Research found 75% of medical IoT devices had known security gaps “To prevent attacks, healthcare organisations must ensure that every device is safe, reliable, secure and safety certifiable,” Holyome continues, and that includes “IoT-connected medical devices such as ventilators or robotic surgery arms.” T The latest security guidance for healthcare providers when it comes to procuring and deploying connected medical devices (CMDs) includes legacy devices with ‘inadequate’ support.