Building Cyber Resilience: Metrics That Matter for Medical Device Security
Medical Devices blog by Health-ISAC VP, Medical Device Security, Phil Englert
In today’s healthcare landscape, medical devices are no longer isolated instruments. They are networked, data-rich systems integral to patient care. As these technologies become more connected, they become more vulnerable to cyber threats. The risks are real and growing, from ransomware attacks that disable imaging systems to vulnerabilities in patient monitoring systems that could be exploited remotely and render remote monitoring inoperable. Though not identified in the wild, altering the medication flow of infusion pumps has been demonstrated to be possible.
To address this challenge, healthcare technology management (HTM) leaders must move beyond reactive security measures and build a proactive, measurable cyber resilience program. But how do we measure resilience in a way that is meaningful to executives, clinicians and technical teams?
The answer lies in metrics. In 2011, MITRE published the Cyber Resiliency Engineering Framework (CREF), which offers a structured approach to evaluating an organization’s ability to anticipate, withstand, recover from, and adapt to cyber threats. The framework’s principles (tinyurl.com/mtpaznj9) were updated in 2015 and still apply today. MITRE, in partnership with the National Institute of Standards and Technology (NIST), created the original cyber resiliency framework, NIST Special Publication Developing Cyber-Resilient Systems: A Systems Security Engineering Approach (NIST SP 800-160v2r1).
🛡️ MITRE’s Four Core Resiliency Goals
The CREF defines cyber resiliency as the capacity of systems to continue operating under adverse conditions, including cyberattacks. This capacity is measured against four key goals:
1. Anticipate
2. Withstand
3. Recover
4. Adapt
Read the full blog in TechNation.