Cybersecurity and medical devices: Are the ISO/IEC 80001-2-2 technical controls up to the challenge?
By a News Reporter-Staff News Editor at Medical Devices & Surgical Technology Week -- Investigators discuss new findings in Medical Devices. According to news originating from Adelaide, Australia, by NewsRx correspondents, research stated, “Medical devices, in the case of malfunction, can have tangible impact on patient safety. Their security, in a world where the Internet of Things has become a reality, is paramount to the continued safety of patients that are dependent upon these devices.”
Our news journalists obtained a quote from the research from the Flinders University of South Australia, “The international standard ISO/IEC 80001-Application of risk management for IT-networks incorporating medical devices presents a unified and amalgamated approach to the safety of medical devices connected to IT networks. Whilst this standard presents a guide for security and risk management in health delivery organisations, its effectiveness with regard to contemporary Cybersecurity is unknown. This research employed a structured review process to compare and analyse the ISO/IEC 80001 technical controls standards (ISO/IEC 80001-2-2 and ISO/IEC 80001-2-8), with contemporary cybersecurity best practice, guidelines and standards. The research deconstructed the technical controls and drew links between these standards and cybersecurity best practice to assess the level of harmonisation. Subsequently, a deeper analysis identified the areas of omission, coverage, addition or improvement that may impact the effectiveness of ISO/IEC 80001 to provide effective cybersecurity protection. ISO/IEC 80001 aims to provide a minimal level of cybersecurity however this research demonstrates that there are deficiencies in the standard and identifies the important aspects of cybersecurity that could be improved. This situation has arisen due to the rapidly evolving nature of the cybersecurity environment and the protracted time to revise and republish international standards. This research identified several areas that require urgent consideration, including Emergency Access, Health Data De-Identification, Physical Locks on Devices, Data Backup, Disaster Recovery, Third-Party Components in Product Lifecycle Roadmap, Transmission Confidentiality, and Transmission Integrity.
The research will provide health delivery organisations implementing ISO/IEC 80001, assurance as to the level of protection supplied by the ISO/IEC 80001 standard, and the areas that may need enhancement to increase cybersecurity protection and consequently increase in patient safety.”
According to the news editors, the research concluded: “Further, the outcomes are expected to influence development of the related international standard, as the findings from this research are being provided to the International Organisations for Standardisation, TC215 Health Informatics, Joint Working Group 7, to inform the review of ISO/IEC 80001 currently in progress.”
For more information on this research see: Cybersecurity and medical devices: Are the ISO/IEC 80001-2-2 technical controls up to the challenge? Computer Standards & Interfaces, 2018;56():134-143. Computer Standards & Interfaces can be contacted at: Elsevier Science Bv, PO Box 211, 1000 Ae Amsterdam, Netherlands. (Elsevier - www.elsevier.com; Computer Standards & Interfaces - http://www.journals.elsevier.com/computer-standards-and-interfaces/)
The news correspondents report that additional information may be obtained from S. Anderson, Flinders University of South Australia, Adelaide, SA 5001, Australia.
The direct object identifier (DOI) for that additional information is: https://doi.org/10.1016/j.csi.2017.10.001. This DOI is a link to an online electronic document that is either free or for purchase, and can be your direct source for a journal article and its citation.
Our reports deliver fact-based news of research and discoveries from around the world. Copyright 2018, NewsRx LLC
CITATION: (2018-02-04), Findings from Flinders University of South Australia Broaden Understanding of Medical Devices (Cybersecurity and medical devices: Are the ISO/IEC 80001-2-2 technical controls up to the challenge?), Medical Devices & Surgical Technology Week, 270, ISSN: 1537-1417, BUTTER® ID: 015058211
From the newsletter Medical Devices & Surgical Technology Week.
https://www.newsrx.com/Butter/#!Search:a=15058211