Clinical engineering
can be dangerous and high risk if not monitored for drift in real time. Therefore, there needs to be effective governance to ensure this risk is mitigated.
Cyber risks and MedTech
Chad Holmes, from Cynerio, who describes himself as a “security evangelist”, raised the issue of cyber security and MedTech. He highlighted some of the ways that clinical engineers could help to tackle the cyber risks in the NHS: “The reality is clinical engineers are focused on making sure devices are operational. While they may realise they need to be cyber security conscious, they are probably not assigned many cyber security specific tasks. They may have to patch a device but, because they are the life blood, when it comes to medical devices, we must find ways to get clinical engineers more involved in the cyber security process,” he commented.
In its 2023 State of NHS Trust IoT Device Security Report, Cynerio highlighted that cyber threats to NHS Trusts stemming from IoT devices are likely to grow in the near future. The report found that the average NHS Trust currently has over 2,500 connected devices. From telephones and printers to critical patient systems, including infusion pumps and patient monitors, there are typically thousands of devices – many of which are not properly patched, secured or blocked from unnecessary network communications.
The data showed that 46% of medical
devices had at least one known risk with 11.7% of devices having at least one critical risk. Among the devices most impacted by critical risks were those closest to patients – including devices focused on managing radiation doses, treating cardiovascular diseases and imaging patients. The report added that, due to planned onboarding of additional devices in the near future, it is likely that risks will quickly rise due to the increasingly connected deployments of those medical devices. The report also found that many devices are unexpected, with surprising origins. Consumer electronics from manufacturers like Amazon (Alexa, Kindle and Tablets), Sony (Smart TVs and Playstations) and even Tesla are routinely found communicating on NHS Trust networks.
The latest technology innovations were showcased at EBME Expo, while managing risk was high on the agenda – from patient safety and AI, to cyber security and inventory management.
“On average, for every bed in your hospital,
you have ten to fifteen IoT devices that you may not even know about. About half of those (46%) have at least one known risk – it’s an open risk, it’s unpatched, it’s vulnerable to attack. 11.7% in NHS Trusts have a critical risk, meaning if that device was attacked it’s going to impact the device, the patient, the finances, and the availability,” Chad commented.
Other report findings included the fact that common risks with known fixes are widespread. Attacks ranging from DNS Poisoning to Ransomware often stem from vulnerabilities with known fixes that simply have not been applied. Hundreds of devices containing vulnerabilities – including DNSpooq, EternalDarkness and Ripple20 – are unaddressed, despite known fixes, and enable common attacks like ransomware.
“We have technology that provides life-saving and life-improving care and we have put it online quickly because the more data we get from it, the better we can treat our patients. But there hasn’t been enough thought given to the security challenges,” Chad warned.
“The bad news is that healthcare, worldwide, is about ten to fifteen years behind the times in terms of securing its environments. The good news is that there are industries that are ten to fifteen years ahead that
we can learn from.”
www.clinicalservicesjournal.com I September 2023
Some of the strategies that can help include techniques such as network segmentation.
“If you have 1,000 IV pumps, they should not be talking to each other. There is no value in that – they should be talking to nursing stations. If you see 1,000 IV pumps start to talk to each other, it is probably because there is an attack going on. If we properly protect our networks and properly secure our devices, we can stop attacks that are coming down the line,” Chad explained.
He added that the UK is in a better position than many other countries around the globe, especially in comparison to the US. This is due to the experience of the cyber-attack WannaCry, which hit the UK hard in 2017. “You all realised, before anyone else did, that if we put all these devices online, they are going to make us susceptible to an attack,” he commented.
“I’m from in the US, where we are putting everything online…We are now attacked four to five days a week in different hospitals, and we have hospitals shutting down because of this,” Chad commented.
However, the 2023 State of NHS Trust IoT
Device Security report highlighted the fact that NHS Trusts have a brief moment of opportunity. The rates of critical risk (11.7%) in the UK are nearly five times lower than those found worldwide (53.0%) while the number of devices benefitting from network-level security practices like segmentation (36.7%) are nearly three times lower (92.0%). Anecdotal evidence suggests this is due to conservative adoption of connected devices with a rapid rise in risk as more devices are brought online.
Hospitals are planning to roll out many more devices that are connected, as they provide better care. The UK healthcare sector needs to establish how these devices can be onboarded