Integration of cyber security in healthcare equipment

Abstract

The expansion of digital technologies in operational technologies (OT) has significantly supported the development of new features and capabilities. However, the integration of information technologies (IT) in such environments, has also led to the inheritance of cyber security risks. This has also created new potential operational risks due to the fact that operations are controlled by a computer or digital device. Most of the equipment, such as from healthcare, that has IT systems embedded and performing certain processes, is subject to vulnerabilities and prone to cyber-attacks similar to computers. The developing capabilities and integration of IT in various operations offers the capability to introduce new features and monitoring capacity that were not possible before, or had a very high cost. The applications and integrations are countless, and do bring improvements for the society, both for the healthcare providers, as well as for the patients. However, the healthcare systems were designed with the focus on operation and safety. The security concept was not always known or taken into account due to the technologies used before. In addition, if we refer to healthcare equipment that uses nuclear or radiological sources for treatment, then safety, as well as security, should be of core importance. Even if there are certain cyber security prevention or monitoring capabilities that are possible to be enabled in some devices, these were not always used due to the perceived high risk of an operational risk. Recent research has proven that the compromise of an OT via a cyber security attack is possible, and thus, security controls and mitigation are not to be neglected anymore [1]. In this paper we will look into the current issues that cyber security risks could create to operational technologies, with a focus on the healthcare sector.