The cybersecurity threat is hardly new. But the growth of digitisation in key areas of our lives, such as healthcare, makes it ever-more significant. Recently, our CEO, Jovan Stevovic, discussed this topic in a panel at LSX World Congress in London.
“One of the most serious economic and national security challenges we face as a nation, but one that we as a government or as a country are not adequately prepared to counter.” President Obama, speaking in 2009.
The panel was titled Growing opportunity, growing threat; cyber-security in the context of digitisation. The panel was moderated by Bill Aronson (COO of Cera.io). Jovan was joined by Leon Lerman (CEO & Co-founder of Cynerio) and founding partner of AbedGraham, Dr Saif Abed. Together, they discussed cybersecurity threats for the global MedTech industry.
The cybersecurity threat has not been fully managed
Leon Lerman emphasised the fact that cybersecurity is a constant journey but depends much more on awareness.
It is important that C-level executives understand the importance of cybersecurity, because they are the ones drawing the priorities and budgets. According to Leon, this can be done simply by raising awareness among the decision makers.
Dr Saif Abed agreed with Leon, highlighting that it is a never ending journey. The digital market is constantly changing, adding more and more technologies that require proper data security.
Jovan talked about compliance and how governments are involved in monitoring the MedTech industry. The US government was one of the first to include digital applications in their legislation. The Health Insurance Portability and Accountability Act (HIPAA) of 1996 was created primarily to modernise the flow of healthcare information. HIPAA stipulates how Personally Identifiable Information maintained by the healthcare and healthcare insurance industries should be protected from fraud and theft. More recently, the EU enacted the GDPR which classes health data as a special category of personal data requiring additional protection. And in May 2020, the Medical Device Regulation (MDR) will come into force. This classifies most digital health applications as medical device software (MDSW).
Cybersecurity is a global challenge
It is still unclear how a single sector can reach consensus on the standards and regulatory requirements necessary to manage the threats.
Laws lag behind innovation, meaning that in the future we will always face challenges that we can't predict today. The roles of each stakeholder, from medical device companies and application developers through to providers, are unclear.
According to Leon Lerman, constant discussion of all stakeholders is needed to create a self-sustaining system. Constant communication and engagement between the players will bring clear results. The challenge for the cooperation is lack of international organisation involvement or authority. Dr Saif Abed argued that there are no global unified standards, standards are purely advisory and develop slowly.
Jovan Stevovic answered to that drawing more attention towards existing laws like MDR, HIPAA and GPDR, as well as national bodies like the FDA.
Standards bodies, like BSI, certify medical products and take the responsibility for checking their safety and security. Certainly, this cooperation is not perfect – there are still major gaps in cooperation between different countries and how laws are being shared.
The cybersecurity challenge for leadership
Dr Saif Abed reiterated that cybersecurity experts must step away from technical language to grab the attention of decision-makers. We must use plain english that all the C-suite understands, making the knowledge accessible to the decision makers. Jovan Stevovic agreed, saying that we cannot call cloud an innovative solution. Every hospital is now in the cloud or on the web. Therefore keeping data safe must be a requirement for every manager.
Leon Lerman emphasised that cybersecurity is a shared responsibility – only with collaboration we will create security. Everyone agreed with this and the panel encouraged all the companies to work together in order to create a safer environment.
If you want to learn more about how regulations and standards are already transforming the digital health landscape, download our new guide.