Link: https://medium.com/authority-magazine/alex-waintraub-of-cygnvs-on-why-the-us-government-is-getting-serious-about-medical-device-2e05e4588551
In an era where technology is revolutionizing healthcare, medical devices — from pacemakers to insulin pumps to hospital imaging machines — are becoming increasingly interconnected. While these advancements offer unprecedented benefits, they also expose healthcare systems and patients to new cybersecurity risks. Cyberattacks on medical devices can result in compromised patient safety, data breaches, and even loss of life. Acknowledging the gravity of the issue, the US Government is ramping up its focus on medical device cybersecurity through regulations, initiatives, and collaborations with industry stakeholders.

As a part of this series, we had the pleasure of interviewing Alex Waintraub of CYGNVS.

Alex Waintraub is a cyber security professional and currently the DFIR Expert Evangelist. With over a decade of experience in IT, Security Operations, and DFIR, he possesses in-depth knowledge of security analytics, leadership qualities, and the ability to work with small- or large-scale cyber security teams. He has been a part of cybersecurity operations for several global retail, commercial, financial, and technology enterprises. He graduated with a bachelor’s in Information Technology and Network Security from NYIT.

Thank you so much for joining us in this interview series! Before we dig in, our readers would like to get to know you. Can you tell us a bit about CYGNVS and your role at the company?

Absolutely. CYGNVS is the Latin word for swan. Cyber breaches are common, but cyber crises are black swan events for most organizations. In the age of evolving technology, we know it’s no longer a matter of if a cyber incident can happen — but when. Moreover, the World Economic Forum found that 95% of cybersecurity breaches are caused by human error. The CYGNVS Cyber Crisis Command Center was created to bridge a critical gap in preparedness with a solution that provides a safe, secure, and guided space to swiftly work through a cyber crisis.
I am a Digital Forensics and Incident Response (DFIR) professional at CYGNVS. In my role, I lead security operations for our clients to build incident response plans while triaging, validating, and defending against escalations for a range of security incidents.

Are you working on any exciting new projects now? How do you think that will help people?

We are always working on new innovations to provide organizations with a safe space during the stressful moments of a cyber incident. We built the CYGNVS platform to be a safe harbor by creating an out-of-band system that acts as a secure and separate “war room” to get them back on their feet to safety. We’re extending that secure and out-of-band approach to our incident command center, enabling connection with an ecosystem of trusted experts while allowing organizations to maintain ownership of their sensitive data. Additionally, we’ve enabled legal teams to generate comprehensive regulatory and compliance reports that include incident timelines, risk assessments and other critical data points that are protected and accessible only to designated participants. Through our out-of-band incident command center, lawyers, forensics specialists, insurers, and other expert consultants are available with a click to help businesses respond and recover during a crisis.

Ok, thank you. Let’s now move on to our main topic. For the uninitiated, can you explain the nature and scope of cybersecurity threats to modern medical devices? How significant is the risk in comparison to other sectors?

Of course. When we talk about medical devices, we refer to various technologies, from simple thermometers to complex machines like MRI scanners. All these devices, big and small, are susceptible to cybersecurity threats. Additionally, the interconnected nature of these devices in a healthcare setting amplifies the risk.
For instance, a basic device like a tongue depressor may not pose a cyber threat, but devices involved in treatments connected to remote systems or the cloud can be vulnerable. Cyber threats in healthcare are significant due to the potential for remote interference, data breaches, and the interconnectedness of devices that can cause a domino effect if one system goes down. The risk is substantial, especially when considering the potential impact on patient safety and the integrity of healthcare systems. Threat actors are typically attracted to critical healthcare data, often for the implications of potential financial gain. Research has found that 86% of breaches are financially motivated, and 10% are motivated by espionage. According to the American Hospital Association, healthcare organizations are particularly targeted by cyber-attacks because they possess large amounts of high-value information. Take the 2017 WannaCry ransomware attack, for example. The widespread attack infected 230,000 computers across 150 countries in just hours. The attack also targeted the U.K.’s National Health Service systems, causing cascading issues, including delays in non-urgent surgeries, canceled patient appointments, and the inability to access patient records.

Could you highlight some key regulations or initiatives that the US Government has introduced or proposed specifically targeting medical device cybersecurity? How have these been received by industry stakeholders?

To address recent breaches within the industry, the 2023 omnibus package signed by President Biden requires device manufacturers to provide key cybersecurity information to the FDA before market release. The FDA, in response, has implemented legally binding guidelines and received a $5 million boost to enforce these rules. With these regulations in place, manufacturers must prove their ability to address cybersecurity vulnerabilities post-market release, including patching and vulnerability disclosures.
Industry stakeholders, such as the Medical Imaging & Technology Alliance, have generally welcomed the FDA’s flexibility in implementing these cybersecurity provisions. This underscores the necessity for manufacturers and healthcare providers to proactively plan for potential cyber threats. Implementing a secure out-of-band incident command center is crucial for rehearsing responses to potential cybersecurity incidents.

From a manufacturer and healthcare provider perspective, what are the most pressing challenges in adapting to and complying with these cybersecurity regulations? Are there any unforeseen hurdles they’ve had to navigate?

While these regulations are necessary, they do pose new challenges for manufacturers and healthcare providers. Some of the most prominent issues include updating devices with outdated operating systems, addressing known vulnerabilities, and ensuring the connectivity and interoperability of devices. The industry as a whole faces the need for additional staff to review cybersecurity information, the development of programs to respond to vulnerabilities, and the release of comprehensive guidance. Plus, requiring a software bill of materials and external testing adds transparency but may be a bit tricky to put into action.

With regulations becoming more stringent, do you think this might impede or slow down the innovation of medical devices? How are manufacturers ensuring both security and the continuous advancement of medical technology?

While stringent regulations aim to enhance cybersecurity, there’s a concern about their impact on the pace of innovation. The FDA’s decision not to outright reject new device applications, instead working with sponsors to address deficiencies until October, reflects a balance between security and innovation. Manufacturers need to find a middle ground, ensuring the continuous advancement of medical technology while meeting cybersecurity standards.
Collaboration between industry stakeholders and regulatory bodies is crucial to strike this balance.

What are your “5 Things Everyone Should Know About Medical Device Cybersecurity?”
My prediction is that there will be a significant focus on advancing medical device security through the integration of encryption, blockchain for data integrity, and AI-driven threat detection. Manufacturers and healthcare providers must strategically plan for the seamless incorporation of these advancements into their response plans. Secure collaboration among stakeholders, including manufacturers, healthcare providers, and regulators, will be crucial in creating a collective defense against emerging cyber threats. Continuous planning, preparation, and a secure out-of-band area to communicate with internal and external providers to ensure rapid response will be crucial for any business. Even more so, a secure place to track an incident response and report to regulatory bodies will be key. I predict this will become standard practice as more organizations understand that a proactive and resilient approach is the best way to safeguard patient health and data.

This was very inspiring and informative. Thank you so much for the time you spent on this interview!

About The Interviewer: David Leichner is a veteran of the Israeli high-tech industry with significant experience in the areas of cyber and security, enterprise software and communications. At Cybellum, a leading provider of Product Security Lifecycle Management, David is responsible for creating and executing the marketing strategy and managing the global marketing team that forms the foundation for Cybellum’s product and market penetration. Prior to Cybellum, David was CMO at SQream and VP Sales and Marketing at endpoint protection vendor, Cynet. David is a member of the Board of Trustees of the Jerusalem Technology College. He holds a BA in Information Systems Management and an MBA in International Business from the City University of New York.
Alex Waintraub is a seasoned cybersecurity professional with over a decade of experience in IT, Security Operations, and DFIR. He excels in security analytics and leads both small and large-scale cybersecurity teams. For the past decade, Alex has specialized in managing security operations, including triage, validation, and escalation of incidents. His expertise spans SOC enhancements, Incident Response Plans, ransomware negotiations, threat hunting, and intelligence operations. He delivers robust cybersecurity services to global clients across multiple industries and speaks at national conferences and his NJ Cyber Fireside Chat (cyberfiresidenj.com).