A recent vulnerability in Illumina’s gene sequencers sheds light on the dangers posed by cybersecurity threats plaguing the medical field. The flaw, discovered during an internal review by the equipment maker, allows hackers to breach the system, and access sensitive data and manipulate it at the operating system level. According to Josh Corman, VP of cyber safety strategy at Claroty, such vulnerabilities pose specific risks since “anything that touches DNA” could wreak havoc on digital forensics and cancer treatments, or tamper with evidence for (or from) crimes.
On the bright side, the incident also demonstrates the positive impact of legislation meant to enhance cybersecurity in medical care in advance of such vulnerabilities. The omnibus federal budget bill passed in December 2021, changed requirements for medical devices manufacturers, requiring a software bill of materials, a plan to address post-market vulnerabilities and a secure development lifecycle. The National Cybersecurity Strategy from the Biden administration also demanded tighter cybersecurity measures and even potential liability for negligent organizations. The Protecting and Transforming Cyber Health Care (PATCH) Act requires security-conscious planning and development on medical devices makers. In response, the Food and Drug Administration (FDA) and the Cybersecurity and Infrastructure Security Agency (CISA) will provide organizations with safety strategies.
However, vulnerabilities in the software of DNA sequencing and synthesis create unique threats. Genomic sequencing devices, especially, process a lot of health data, making them valuable targets for cybercriminals, says Mohammad Waqas, principal solutions architect for healthcare cybersecurity company Armis. The interconnectedness of medical devices exacerbates the potential fallout, with the possibility of a single breach spreading through the entire network.
Medical device manufacturers and healthcare organizations must work together to mitigate threats to the healthcare system properly. Addressing visible assets, cross-team collaboration, and risk remediation would go a long way in protecting privacy and even human life. While cybersecurity threats to medical devices may persist, anticipating and tackling these risks would undoubtedly enhance patient care.
Keyreplaces: DNA sequencing, cybersecurity, genomic technology, vulnerability, cyberattacks.
<< photo by National Cancer Institute >>
You might want to read !
- “Apple and Google’s Proposal for Unified Safety and Security Standards: Is Privacy still a Concern?”
- US investigates potential cybersecurity threats posed by Rockwell Automation’s China operations
- The Power of Identity: How Prioritizing Identity Protection Can Prevent Critical Infrastructure Attacks
- “Google underscores commitment to privacy with enhanced security measures in Gmail and Drive”
- Corporate Insurance Policies Under Scrutiny After Court Rejects Merck Insurers’ Attempt to Refuse Coverage for NotPetya Damages
- “Apple’s Swift Response to Security Threats: A New Era of Timely Protection”
