default banner

Hospitals are no exception and are increasingly becoming the prey of cyber-attacks and ransomware with an escalation of cyber-attacks against healthcare facilities in recent years. In France, the National Agency for Information Systems Security (ANSSI) revealed that a total of 27 hospitals were targeted in 2020.

The hospital environment is no longer only a care center but an interconnected universe that cannot function without digital technology. This is often referred to as Digital Health or Health Tech.

Patient records are fully computerized and stored in the cloud. Patient data are among the most valuable. Security must therefore be as uncompromising as possible. Sensors used in hospitals carry sensitive information about patients and are sometimes vital. Malicious attackers could potentially hack into those medical IoTs and possible retrieve data from a patient.

Medical equipment (imaging, robotics, etc.) and even building management are also part of that new connected healthcare environment. Like with any IoT, attackers could target medical equipment, MRI scanners, insulin pumps, or automatons of all kinds used in healthcare facilities, putting lives directly at stake.

The Internet of Medical Things (IoMT) has several vulnerabilities and fortunately, medical devices can be secured against attack as well as patient data security and privacy.

Healthcare

The specific security challenges for IoMT (Internet of Medical Things)

  • Secure Boot
  • Authenticity of the data
    • Guarantee that the data received by the monitor are not modified between the probe and the monitor
  • Secure Communications Protocol (TLS, IPSec)
    • Offer the capability to securely (encrypted and authenticated) send the data to other devices and systems.

 

Many assets need to be protected such as:

  • Sensors,
  • Monitors,
  • Patient implants.

 

Healthcare Security Solutions

ehealthSecure-IC has expertise in healthcare cybersecurity with the protection of health applications, medical equipment and sensors. To be attack-resistant, Secure-IC implements a secure root of trust to ensure data security and authenticity as well as secure communication protocols.

Secure-IC’s PESC approach is built on a portfolio of security products and services that, when combined, create a deep security by design that protects the very foundation of your industry.

Protect
Evaluate
Service & Certify
Protect
  • Securyzr iSETM to protect connected medical devices is compliant with certifications for secure remote connectivity and management with TLS/Secure protocol requirements and firmware stack.
  • SecuryzrTM full Software for legacy/already installed devices.
  • Secure-IC’s PUF for ID Management for all devices in the fleet (hardware and software)
  • Securyzr ServerTM for lifecycle management, device onboarding and offboarding, secure firmware update over-the-air
Evaluate
  • LaboryzrTM: Security Evaluation
    • Hardware Trojans detection
    • Reverse engineering protection verification
    • Hardware/software penetration testing
    • LaboryzrTM includes 3 tools:
      • AnalyzrTM, evaluation tool to validate the security level of real physical chip/boards after foundry tape-out that enables ISO/IEC 17825, 20085
      • VirtualyzrTM, an EDA Tool to assess the security design verification at all design levels (RTL, Post-Synthesis, Place & Route and Layout)
      • CatalyzrTM, software tool to evaluate software code vulnerability with static and dynamic analysis
Service & Certify

Standards & Certification to consider in Healthcare

Several standards have been developed and are applicable to the Healthcare Industry as well general certifications like FIPS 140-3, OSCCA or Common Criteria.

As a security expert, Secure-IC supports companies and governments wishing to acquire and strengthen these certifications; whether through collaborative projects, tutorials, trainings or operational consulting.

Healthcare Specific Standards:

  • SESIP
  • GP TEE
  • IEC 62304-2006
  • ISO/IEC 27032
  • IEC 82304-1
  • ISO/TR 80002
  • ISO/IEC 8001
Contact