How is the way we protect medical devices from cyberattack changing? The job of protecting embedded systems and medical devices is something that must be shared among manufacturers, users and those who provide security solutions, but are we close to securing medical devices as well as the endpoint?
Steve Rossi and BlackBerry Cylance just may have the answer…
About Steve Rossi
Steve Rossi is the Global Director of OEM at BlackBerry Cylance. He is an experienced Global Director with a highly successful history of working in the computer and network security industry. Steve is skilled in IoT, OT, ICS, MedTech, Professional Services, OEM negotiations, Software as a Service (SaaS), and Computer Security.
“Hello, it's Steve Rossi, I'm a Global Manager for OEM Sales (at BlackBerry Cylance). Today we're at HIMSS 2019 and we're talking about med tech. Which we have pretty good traction with, with some of the med tech device manufacturers - essentially embedding CylancePROTECT on these devices, and locking them down from future attacks.
How is the Way we Protect Medical Devices Changing?
(Medical devices have) been difficult to secure because of all the variables within the industry itself. But as we're finding more and more companies are running on a Windows Internet of Things (IoT) platform, which allows us to be embedded into those devices.
So as those OS's become more open, and we can support those OS's, we'll have more traction as it relates to on-device protection. But I think the industry itself, though, is moving to this shared responsibility, which is requiring more med tech companies to really think about cybersecurity.
It's no longer someone else's problem. And why I'm seeing more adoption in the med tech space as it relates to cybersecurity, is because these companies no longer can rely on the HGO's to take care of the problem, so more and more devices now are coming with some sort of cybersecurity solution embedded.
Who is Responsible for Securing Medical Devices?
You know again, you'll hear it in the industry, it’s a shared responsibility. So it's much more of a collaborative effort. Whereas before it was very siloed. And what I mean by siloed, is you had a) the vendors that were making the devices. You have b) the security companies, such as (BlackBerry) Cylance that was protecting those devices. And then you had c) the HDO's or the end users. And they really all don't collaborate and talk together.
But now for example, we have a relationship with a very large med tech company here at the show. And it is a collaborative effort in that not only to we talk to the HGO's that are their clients, but then we also talk to the product marketing and product management of the med tech, to really map out not only a plan for the integration, but then also a plan for it to go to market. So I think what you're seeing is much more collaboration, which really wasn't happening in the past.
So I think that to answer your question, what's driving a lot of changes in the industry is people working together, and understanding that it really takes a team of individuals to solve the problem. It's no longer just the cybersecurity vendors that can take the challenge on themselves.
Are We Close to Securing Medical Devices as Well as the Endpoint?
You know, it depends on how you define ‘close,’ right? So I mean, that's a bit of a variable. But as long as the OS's are supported, and as I mentioned, Windows IoT, Windows 10, Windows 7.
Even some of the old legacy systems as well as a bunch of variations in in Lynux. We are supporting those OS's so I think provided that it's a supported OS, then there's really no reason why we can't embed our technology on that software and protect it.
Is Preventative Security Possible?
I like to think anything is possible. As it relates, though, to a 100% guarantee, I don't believe there is such a thing. However, if it's done right, with the right process, the right procedures, and the right tech, I do believe in circumstances that (prevention) is 100% possible.”