New government requirements will help secure medical devices

In the latest directive to mitigate cybersecurity breaches in the health care sector, the FDA has mandated that manufacturers provide software bill of materials (SBOMs) for all medical devices going to market. The new requirement demonstrates the growing importance of not only strengthening cybersecurity in the health care sector but also the use of SBOMs as a key cyber defense strategy.

Walt Szablowski, Eracent: ©Eracent

The introduction of the new legislation follows in the wake of several cybersecurity incidents within the health care sector. Health care cyber attacks in the U.S. more than doubled from 2016 to 2021, putting medical devices — and patients — at risk and exposing the private health information of nearly 42 million individuals. In such a digital landscape, the integration of cybersecurity best practices such as the use of SBOMs comes as a welcome step forward in the fight against cybercrime.

SBOMs explained

An SBOM refers to a comprehensive inventory or list of all the software components and dependencies used in a particular software application or system. It provides a detailed breakdown of the software supply chain, including both proprietary and open-source components.

The SBOM captures information such as the names of the software components and libraries, versions, associated licenses, and any known vulnerabilities or security issues. In such a way, it helps health care organizations gain visibility into the software they’re using and identify potential security risks or vulnerabilities associated with the underlying components. The result is a better managed and secure software supply chain and a stronger cybersecurity infrastructure.

In addition to enhancing supply chain security, SBOMs play a vital role in health care cybersecurity by facilitating vulnerability management, ensuring regulatory compliance, enabling effective incident response, and supporting secure software development practices. They also enhance collaboration and information sharing, which in itself is a best practice that leads to continuous enhancements in security.

As critical as SBOMs are to an organization’s cybersecurity infrastructure, an SBOM on its own doesn’t do anything — it needs to be vigilantly monitored and analyzed in order to detect and respond to any component-level vulnerabilities that arise across the life cycle of the hardware or software device. In this way,supply chain risk management processes are critical to SBOM implementation.

Other approaches to cybersecurity

SBOMs and supply chain risk management processes are just two strategies that can be employed to help health care providers safeguard against cybersecurity threats. Others include:

• Endpoint protection: Endpoint protection involves deploying security software on all devices connected to a health care network, including computers, laptops, mobile devices, and medical equipment. Advanced endpoint protection can help defend against malware, ransomware, and other malicious activities.
• Network segmentation: By dividing their network into distinct segments with different security controls, health care providers can contain and mitigate the impact of a potential breach, preventing unauthorized access to critical systems and data, and perhaps even avoiding operational disruptions that can have dire consequences for patients.
• Data encryption: Crucial for protecting patient records, encryption ensures that sensitive data remains unreadable and unusable to unauthorized individuals or cyber attackers who gain unauthorized access.
• Multi-factor authentication: By requiring users to provide multiple pieces of evidence to verify their identity, MFA adds an extra layer of security. This typically involves a combination of something the user knows (such as a password), something the user has (for example, a token or smartphone), or something the user is (as with biometric authentication).
• Security information and event management (SIEM): SIEM is used to collect and analyze log data from various systems and applications within the health care network. Helping health care providers identify potential security incidents by correlating events, detecting anomalies, and providing real-time alerts, SIEM solutions enable proactive response to cybersecurity threats.
• User awareness and training: Educating health care staff about cybersecurity best practices and emerging threats is crucial when it comes to safeguarding against breaches. Training programs can help users recognize phishing attempts, avoid suspicious links or attachments, and follow secure practices when handling patient data.
• Vulnerability management: Employing vulnerability management tools allows health care providers to identify and address potential weaknesses in their systems and software. This encompasses regular vulnerability scans, penetration testing, and patch management to help identify and mitigate vulnerabilities before they can be exploited by attackers.
• Incident response and disaster recovery planning: Establishing a comprehensive incident response plan and disaster recovery strategy is essential for every health care business in today’s environment — just as disaster readiness and response plans for severe weather events has become the norm. Such a plan includes defining roles and responsibilities, establishing protocols for incident detection and response, and conducting regular drills to test the effectiveness of the plan. Additionally, it’s important to have data backup and recovery mechanisms in place to ensure that critical systems and patient data can be restored in the event of a cyber-attack.

SBOMs and the future of health care cybersecurity

By implementing SBOMs and the other technologies and approaches above, health care providers can significantly enhance their cybersecurity posture and better protect patient data and critical systems from cyber threats. Even in today’s escalating cybersecurity landscape, the result will be a safer environment for patients, staff, and stakeholders across the medical sector.

About the Author

Walt Szablowski is the Founder and Executive Chairman of Eracent and serves as Chair of Eracent’s subsidiaries (Eracent SP ZOO, Warsaw, Poland; Eracent Private LTD in Bangalore, India, and Eracent Brazil). Eracent helps its customers meet the challenges of managing IT network assets, software licenses, and cybersecurity in today’s complex and evolving IT environments. Dozens of Fortune 500 companies rely on Eracent solutions to manage and protect their networks. To learn more, visit http://www.eracent.com/ztrp.