A healthy and safe network: a matter of life and death

Could someone eliminate a political opponent by hacking his pacemaker?

It happened in the hit TV series “Homeland”; in real life, cybercriminals have already detected cracks in the safety of cardiac and other medical implants.

And it’s not just devices that are involved. It has become increasingly clear that cybersecurity is a risk factor in health care data, affecting millions of electronic patient records each year. Add to this the need to protect sensitive medical equipment in hospitals and laboratories, and it is clear that there is a specific and important security problem to resolve.

Both medical data and healthcare equipment are at risk

“When we talk about cybersecurity in e-health, we’re talking about the need to protect both vital information on individuals in a medical system and the medical device itself,”  says Alexandre Bouteille, Thales Technical Director of the Critical Information Systems and cybersecurity activity. “All medical players are concerned by this need, from researchers working on a new molecule that could be stolen, to hospital personnel working in an environment of increased interconnectivity of medical equipment, to individuals whose health records can be sold by cyber criminals.”

Historically, healthcare professionals have tended to pay more attention to the reliability 24/7 of equipment than to their cybersecurity. But with digitalization, all systems (equipment, healthcare applications) include more and more software and connectivity, implying an increased vulnerability. 

"When we talk about cybersecurity in e-health, we’re talking about the need to protect both vital information on individuals in a medical system and the medical device itself." Alexandre Bouteille, Thales Technical Director of the Critical Information Systems and cybersecurity activity.

As cyber-attacks become increasingly sophisticated, healthcare organisations must improve their healthcare security - from images and emails to medical records and payment information. The unprecedented sharing of healthcare data across clinical applications, devices, and facilities has expanded the potential attack surface for hackers – and increased the challenges of security.

A cybersecurity accompaniment for the medical digital transformation

Thales accompanies healthcare players in the digital transformation by providing services in identification and evaluation of risks, data encryption solutions and key management, and surveillance systems such as sovereign probe and specific sensors at critical network points. This helps them reduce the risks associated with storing patient data on multiple operating systems.  However, notes Alexandre Bouteille, for maximum protection it is critical for healthcare companies to build in security measures at the conception of a new IT system or product: this approach is called Secure by Design.

“One of the key features of the Thales solution is the ability to provide security measures that are compatible with government regulation of the healthcare industry, so in other words to ensure the optimal mix of safety and security needs,” he adds. “We have a long history of doing this with the aerospace, space or ground transportation and space industries, so we are able to offer healthcare players the solutions they need that take into account various regulations.”

“One of the key features of the Thales solution is the ability to provide security measures that are compatible with government regulation of the healthcare industry, so in other words to ensure the optimal mix of safety and security needs,” adds Alexandre Bouteille, Thales Technical Director of the Critical Information Systems and cybersecurity activity.