All organizations are undergoing digital transformations – implementing technologies to innovate, be more efficient or competitive, or reduce expenses. I've recently had a personal "digital transformation" myself - an implantable pacemaker due to a low heart rate I had for several years. I'll admit I've had mixed feelings during this experience. My family now calls me Iron Man, the Bionic Man and the Energizer Bunny and I'm good with that.
A "friend" said he was sending his hacker buddies after me. Funny guy. However, there's some irony and truth here. For example, there was the 2017 recall by the US Food and Drug Administration (FDA) of nearly 500,000 implantable pacemakers because of their potential vulnerability to hacking. An FDA advisory issued in early 2017 confirmed the potential for an attacker to remotely access a patient's device by altering the transmitter. This access might allow the hacker to drain the battery of the implantable device or to cause it to administer inappropriate shocks, the agency noted. It was also reported in August 2018 that a security flaw in another brand of pacemaker makes it possible for hackers to take control of the device and deliver malware to the computers implanted in someone's chest.
Suddenly, these threats became very real and personal to me. And as the use of internet-connected implantable cardiac devices and many other technologies making up the Internet of Medical Things (IoMT) grows, more security risks likely lie ahead for many organizations.
So, how do we adequately safeguard these technologies that are at the heart of digital transformations occurring today? Interviews with senior executives, featured in a report by Ovum Consulting, "Managing Digital Risk - A Blueprint for Safeguarding Digital Transformation Initiatives," showed varying points of view on the topic, yet over half of the interviewed organizations address security either up front or in the design phase of their digital transformation projects. The report, sponsored by RSA, also highlighted confidentiality, data integrity and availability as critical concerns, and the need for a strong link between the functions of information security, risk, and IT to move forward.
I imagine that over the 12-year lifespan of my pacemaker the cybersecurity and threat landscape will change, so I wholeheartedly agree with Leslie Saxon, MD, executive director of the Center for Body Computing at the University of Southern California, when she says that cybersecurity for implanted devices should be treated as a continuous quality improvement process. "From the time it's on the drawing board until it's manufactured, and while it's in the patient's body, it has to be a continuous process of cyber-enhancement and security," she said.
I learned from my cardiologist that over time my pacemaker will adjust to my body and vice versa. Its algorithms and pacing of my heart will be refined to me personally. I appreciate that this technology is not a 'one size fits all'. I also appreciate the continuous improvement of security over my pacemaker - new innovations, firmware updates and patches, and evolving data privacy safeguards all make me feel better about this new technology that's become part of me.
My digital transformation is a new normal for me. I'm trying to embrace it so that it will improve my quality of life. I'm also learning I have a role to play. I now have access to my data through an application on my mobile device that monitors my heart rate. I can transmit my data wirelessly to my doctor or communicate symptoms if I have a problem. I have more ownership over my wellness, but also more responsibility. Digital risk affects my life very personally, so I'm grateful to all those who help manage that risk. As the Ovum report states, digital risk is not only about technology, but also about the people who manage it.
Author: Patrick Potter