CIOMET
Ciberseguridad en Infraestructuras Médicas Conectadas
Researchers
Abstract
As pointed out in the fourth “National Security Strategy - NSE 29/12/21”: “Security is conceived as a necessary condition for economic recovery and social cohesion. Also, the NSE proposes technological innovation and ecological transition as two paths towards a modern Spain with a vision of the future”. Likewise, Chapter 4 of this plan highlights the importance of combating risks and threats in the two strategic sectors in which the CIOMET project is framed: 1) health and 2) cybersecurity.
Healthcare worldwide has been under tremendous pressure as a consequence of the COVID-19. In this regard, the digital innovations that health services rely on have been well accepted and used with significant effect, enabling from an agile case notification to carrying out one of the largest national and global vaccinations. However, although digital technologies are of great benefit to healthcare systems, like many other digital systems, these systems can be the target of cybersecurity attacks. This fact has been corroborated by the European Union Cybersecurity Agency (ENISA), which certifies that attacks on hospitals and healthcare networks have increased by approximately 50% during the pandemic.
The CIOMET project aims to increase the cybersecurity measures of the Internet of Medical Things, allowing progress in the digitalization of health services, increasing the quality of the care and diagnosis system, facilitating access, and at the same time reducing, as much as possible, the risks of threats from cybercriminals. Cyberattacks have not only increased in number but also sophistication. This fact is grave because, unlike in other sectors, the repercussions of cyberattacks go far beyond potential financial losses. Cyberattacks in the healthcare context pose a threat in four dimensions: Security, efficiency, reputation, and finance. Mitigating cyberattacks is a significant challenge as such infrastructure is composed of a vast amalgam of very diverse entities: hardware platforms, software applications, operating systems, connected devices, and networks, among others.
In designing cybersecurity solutions, it is essential to consider certain particularities, which will be considered in the CIOMET project, that make the securitization of medical infrastructures even more complex. For example, 73% of healthcare providers use equipment with obsolete operating systems that cannot be updated. Likewise, between 25% and 40% of healthcare providers offer some telemedicine service. However, as the FDA has warned, there is a real risk in using some devices, such as the new generations of pacemakers from some manufacturers, exposed to significant cybersecurity threats. On the other hand, it is noteworthy how the SNE points out the strategic potential of AI and its importance as a mainstay of Homeland Security. While no one disputes the potential of AI in diagnostic assistance, some authors have already shown how these types of systems can also be vulnerable to cyberattacks.
