Latest news: cybersecurity in medical devices

Cybersecurity firm Cylera has secured a foothold in the Middle East by partnering with Oman telecommunication provider Omantel. 

The internet of things (IoT) cybersecurity company offers a solution to protect patient data and mitigate risk of cyber-attacks, with a platform for asset management, risk analysis and threat detection. The system provides a centralised dashboard for IT teams to view, profile, manage and risk assess all an organisation’s connected devices. 

Omantel, the largest integrated telecommunications service in Oman will play a major role in the digitalisation of the country.  Oman is embarking on an ambitious project to construct 11 new hospitals in response to its expanding population. The Ministry of Health is leading this initiative to cater to the healthcare needs of both Omani citizens and residents. Scheduled for completion between 2023 and 2025, the hospitals will be strategically located in different regions of the country.

A GlobalData Thematic Research report, Cybersecurity in Healthcare for 2022, has forecasted cybersecurity in medical devices to grow at a compound annual growth rate (CAGR) of 7.3% from $869 million to $1.23 billion between 2020 and 2025. The report showed in the same period, cybersecurity spending by healthcare providers and payors would grow slightly faster, at a rate of 8.1%, from $4.59 billion to $6.77 billion. According to Cybersecurity Ventures, the cost of global cybercrime is expected to reach $10.5 trillion annually by 2025. 

Timur Ozekcin, CEO of Cylera said, “The increased global usage of IoT and the internet of medical things (IoMT) in healthcare settings is critical to helping improve patient care and safety. However, with these organisations being a continued focus for cybercrime, hospitals must be able to view and map their entire connected landscape including their unmanaged and unknown devices, to efficiently assess risk”. 

In 2020 it was estimated that 646 million new and legacy devices worldwide were connected to hospital networks. The uptake reaffirms the need for cyber protection as attackers seek vulnerabilities rather than attacking all potential weak points indiscriminately. 

The deal strengthens Cylera’s presence in the Middle East following rollouts of the company’s cybersecurity and asset management platform in the UK, US, and Europe. 

The UK and Israel have announced the signing of a new roadmap for UK-Israeli bilateral relations. The roadmap will deepen tech, trade and make the country a driving force in the cybersecurity industry by 2030. 

The roadmap is designed to deepen cooperation between the UK and Israel. Both countries will benefit from increased investment to strengthen cybersecurity capacity and foster tech innovation. 

“Israel has long been a pioneer in digital forensics and cybersecurity. The investment made in terms of people and funding, over time, has proved highly successful in recent years and has made the country a driving force in the cybersecurity industry,” Jake Moore, global cybersecurity advisor at global digital security company, ESET, told Verdict. 

The roadmap comes with £20m of joint funding that will go towards technology innovation to enable both countries to stay globally competitive. 

“The constantly evolving ecosystem built to respond and prevent threats has made the country synonymous with cybersecurity. 

The investment in people has also shown to improve the nation and its capabilities, far greater than seen in the UK,” claims Moore. 

According to a GlobalData Thematic Research: Cybersecurity (2022) report, there continues to be an ongoing shortage of cybersecurity skills. 

There is currently a 65% workforce shortfall in the global cybersecurity space. This agreement between the UK and Israel is vital in closing this gap.  

New laws passed by the US government which came into effect on 29 March 2023 gives U.S. Food and Drug Administration (FDA) authorisation to require cybersecurity adjustments in submitted medical devices. The requirement will take effect 90 days from the law being passed, giving vendors until October 1, 2023, to prepare submissions meeting the new standards. 

In its newly issued guidance for cyber devices, the FDA have said they intend not to issue ‘refuse to accept’ (RTA) decisions for cybersecurity shortcomings to vendors who submitted before this deadline. The agency plans to work collaboratively with sponsors as part of the review process to meet the new laws passed in the Consolidated Appropriations Act, 2023 by the US Senate. 

By October this year, the FDA expects submissions to meet the new requirements, citing sponsors will have had sufficient time to prepare their premarket submissions. For submissions that do not tick the cybersecurity boxes, the FDA will duly issue RTAs. 

Cybersecurity is becoming a more pertinent concern as more medical devices become connected to the internet, healthcare systems, and other digital devices. As connectivity and digital integration become an increasingly common feature in medical devices, security risks increase too. Data breaches are one of the main concerns – medical health records, insurance details and payment information could all be leaked. 

According to GlobalData, between 2020 and 2025, cybersecurity in medical devices is forecast to grow at a CAGR of 7.3% from $869mn to $1.23bn. Inextricably linked will be the money spent by healthcare providers and payors to ensure digital safety too – this will grow slightly faster at a rate of 8.1%, from $4.59bn to $6.77bn.