
5 ways to improve healthcare cybersecurity


Today’s world of connected care is fast becoming the foundation for a healthier society. Yet sophisticated, persistent cyberattacks threaten to compromise this effort. You can help prevent such threats by establishing a strong cybersecurity program – starting with these 5 actions.

A balancing act


Healthcare providers and patients need assurance that the technology they interact with on a daily basis is as secure as possible. Demands from customers and patients for accurate and accessible data must be balanced with stringent requirements for the security of that data. Governments and industry regulators take this matter very seriously and continue to address cyber-threats with rigorous legislation and regulation that also accommodates data sharing.


Cybersecurity is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access [1].

Government entities push to set strict security standards

 

The DoD, VA, FDA and other key influencers are requesting that new products and services be engineered to withstand serious cyber threats. Strict standards must be developed and deployed ubiquitously across all systems. This requires an unwavering attention to risk assessment, and adherence to security-based product development protocols and testing.

 

Here are 5 actions to consider when coordinating an approach to this challenge:

 

1. Build security into your product lifecycle

 

As you build your systems, take a look at critical checkpoints, testing and harmonizing protection aspects each step of the way – build security into your products from the ground up. At Philips, we make certain our new systems meet expectations of today and are prepared for future upgradeability.

 

2. Include 3rd party software in your security plans

 

Companies reliant on the integration of 3rd party software open themselves to hidden risks posed by programming code that is not their own. To prepare for upcoming potential federal legislation on this topic, we are working to create a software Bill of Materials (BOM) for every product. This is critical in identifying and describing open source and 3rd party software components and allowing organizations to quickly respond to possible security vulnerabilities/breaches.

 

3. Establish a formal process for dealing with security incidents

 

It is important to handle all security incidents with a sense of urgency and sensitivity. Transparency is key. For example, our formal incident response management process includes documenting all communication, opening a corrective action program, developing a solution, and authoring an incident report.

 

4. Develop a robust Responsible Disclosure policy

 

Development of a Responsible Disclosure policy reassures customers that proper effort will be made to repair any vulnerabilities and prevent future damage. To ensure we are pulling in objective and real-time feedback, we collaborate proactively with the ‘ethical hacker’ research community to maintain a coordinated Responsible Disclosure process. This process provides additional input for Philips to manage potential vulnerabilities identified in products and solutions.

 

5. Form an accountable Product Cybersecurity team

 

Put together a team dedicated to product security. Their priority must always be to mitigate any situation by hypothesizing worst-case scenarios before they happen and developing solutions and workarounds. Our Security Center of Excellence (SCoE) helps us manage these vulnerabilities. The Philips Product Security Incident Response Team evaluates potential security incidents and discovered vulnerabilities and develops response plans as necessary.


Become a proactive cybersecurity leader

 

Patient safety in today’s connected care environment is a task we all take very seriously. As we all evolve our cybersecurity programs, transparency, accountability and responsiveness must be priorities we continue to maintain.

 

Converting areas of potential concern into knowledge-sharing engagement opportunities can help refine critical thinking and lead to the development of solutions that enable regulatory compliance.

 

That’s why we’ve entered into ongoing productive dialogue with leaders in the cybersecurity ecosystem – customers, regulators, standards development organizations, industry groups, and security researchers, among others.

 

And we look forward to working with you, as well.

Best practice: Responsible Disclosure Policy

 

‘Responsible disclosure’ is a computer security term describing a vulnerability disclosure model [2]. Recognizing this need as part of our product security policy, Philips became one of only two major medical device manufacturers to design and implement a Responsible Disclosure Policy. Our policy has been singled out as a ‘best practice’ by industry stakeholders. Following the guidelines detailed in the Responsible Disclosure Policy, there is a certain timeline for us to respond to suspected vulnerabilities. Confirmed vulnerabilities result in a direct report into government agencies such as DHS (ICS-CERT program) and are then communicated through the press to the public.
