Strengthening Healthcare’s Cybersecurity Ecosystem

Cybersecurity is a growing concern for health systems, regulators, researchers and medical device manufacturers as well as patients. As more devices become connected, cybersecurity risk increases – and security incidents can profoundly impact an organization’s productivity, finances, quality of care and reputation.

As a leading medtech and digital solutions provider, GE Healthcare plays a crucial role in providing health systems with the security and reliability they need today. We have a robust team of security experts in place and follow a comprehensive product security approach. Over the last two years in particular, GE Healthcare has made a concerted effort to drive greater transparency into how we assess and mitigate potential cyber risks throughout the lifecycle of our products. In vulnerability management, we are doing more to identify and communicate potential threats earlier – while also being more proactive with customers in how we respond to those threats. For example, we launched a novel security portal to notify customers of potential critical vulnerabilities impacting our products promptly after discovery, and to share proposed remediation plans when needed (e.g., patching, mitigating controls, etc.). We still have more to do, but customers tell us they are noticing the difference.

We are also designing and developing products to make them inherently more secure. We’ve held workshops with customers to get feedback and better understand the problems they face. At DEF CON 2019, we made pre-release products available to the research community to help us identify potential vulnerabilities and have worked to remedy those findings. But cybersecurity resilience cannot be solved by device manufacturers alone. The entire ecosystem – equipment providers, health systems, security researchers and government agencies – shares responsibility in improving cybersecurity outcomes.

Health systems too are grappling with how to better manage the rapidly evolving threat environment and the associated risk for their clinical networks – and they have asked for our help. To address these needs, we created and recently launched Skeye, a vendor-agnostic cybersecurity service that helps hospitals proactively monitor and mitigate threats using GE Healthcare’s dedicated network of IT and operational technology (OT) security professionals.

We will continue to engage across the ecosystem and work with government organizations, healthcare providers and security industry leaders on cyber readiness initiatives that support the safe and effective use of our medical devices and software solutions. We also encourage security researchers to proactively engage with us on any potential vulnerabilities and related disclosures in a coordinated and responsible manner. Ultimately, we are all working toward the same goal – helping enable providers to treat patients effectively.