Dutch medical device giant Royal Phillips announced recently the introduction of a new and unique service suite in the healthcare sector, comprise of an end-to-end suite of technologies and services to safeguard hospitals and clinics medical systems, devices and related software solutions. The new services is based on a strategic partnership Philips has entered into with the Israeli medical cybersecurity company CyberMDX, which has developed a platform that provides visibility and protection for all medical devices connected to the hospital network.
Based on CyberMDX’s platform and Philips’ expertise and resources, the two companies will offer a holistic solution that includes visibility of the connected medical devices, risk assessment, cyber threat detection, real-time response, and an around-the-clock monitoring through a Security Operations Center (SOC), to ensure the operational continuity of the hospital. The service will be launched first in North America and expand to other countries throughout 2021. Phillips is one of the largest medical device manufacturers in the world, alongside companies such as Siemens, GE, and Medtronic. Its revenues in 2019 totaled at 19.5 billion euros and it employs about 80,000 people. Its main product include imaging systems such as CT, mammography and MRI, medical information systems, respirators, ECG, and more. Phillips will offer the services to hospitals agnostically, i.e., regardless of the hospital’s medical device manufacturers.
CyberMDX has developed a machine learning and AI-based cybersecurity platform tailored to the special characteristics of the healthcare sector. The company’s solution is wireless and does not require installation into the medical equipment itself. The platform automatically maps all of the hospital’s network components, including their designation and level of importance, identifies vulnerabilities, and monitors unusual patterns that may indicate an attempted hacking.
Amir Vashkover, CyberMDX’s Business Development Manager, explained to TechTime that this constitutes a strategic collaboration for both companies. “Our system will form the technological platform for Philips’ cyber services, as well as a key anchor for the range of services it offers for managing the medical equipment system. Today, cyber protection is an integral part of the industry. For us, apart from the business-level springboard, the collaboration with a giant such as Phillips, with its expertise in the management and maintenance of medical devices, will allow us to deepen the technological capabilities of our platform”.
A critical alert from the FBI
Similar to the industrial sector, medical centers have in recent years become one of the main targets of cyberattacks, as more and more smart technologies enter the medical realm, resulting in a growing interface between hospital IT networks and connected medical devices. In May 2017, as part of the WannaCry ransomware attack, the UK public hospital network NHS was hit by a computer worm that infiltrated the network’s main servers and infected an estimated number of 70,000 connected devices, including MRI scanners, test tubes, refrigerators, and other medical equipment. Following the attack, the NHS was forced to temporarily stop non-essential services, postpone surgeries, and even shut down several ambulances.
The COVID-19 pandemic only sharpened the vulnerability of hospitals. Last October, the FBI and the Department of Homeland Security issued a stern warning stating that the country’s hospitals were subject to increasing attempts of attacks by cyber-attackers. In September, the Universal Health Services servers was hit by a ransomware attack, which led to the shutdown of the healthcare provider’s hospitals computerized systems nationwide, to the point that physicians were forced to document written medical procedures. Grim example of the risk posed by these cyber-attacks to human lives occurred about two months ago in Germany, when a patient in serious condition who was rushed to a hospital in Düsseldorf, Germany, died after the hospital was unable to admit her because its information systems were disabled due to an attack. And in Israel, a hacking into the servers of the insurance company Shirbit last week led to a leak of confidential medical information of policyholders.
Vashkover: “According to all studies, the healthcare system is today at the top of the list of targets of cyber attackers. This poses a combined risk of information theft as well as a risk to human life. For the sake of illustration, the price of a medical record on the black market is estimated at several hundred dollars, compared to a few dollars for credit card information. Attackers can use medical information to blackmail people, steal identities, and defraud the authorities. A credit card can be revoked and replaced – a medical record cannot”.