As the healthcare sector has been on the path of digital transformation, the integration of technologies in the industry has also accelerated. One of the problems with this advent is cybersecurity and the extensive damages prompt an urgent needs for regulation.
By the end of 2022, the US Congress passed an appropriations bill that mandates security for internet-connected medical devices. The bill aims to put in place a framework for connected medical device cybersecurity, empowering the health and human services authority.
Regulatory oversight has also evolved in other countries. The European Union introduced in September last year the Cyber Resilience Act that bolsters cybersecurity for IoT products, including medical devices. The Product Security and Telecommunications Infrastructure Bill in the UK seeks to ensure the cybersecurity of web-enabled devices, including healthcare devices.
Cybersecurity in medical software is also a key emphasis in updated medical device regulations of Japan’s Ministry of Health, Labor, and Welfare and new guidelines of China’s Center for Medical Device Evaluation.
The security of personal medical data is facing many threats as the application of artificial intelligence (AI) becomes more and more popular and becomes smarter. However, existing laws are not strong enough to fully protect such private data.
Human health information is an important data asset that is always the hunt target of cyber crimes or fraud businesses looking to bring ads to each group of customers with common interests and make use of the data.
Despite the fact that technological advancement and the implementation of information security measures are both on the rise, fraudsters are always looking for new ways to breach patients’ private health data and information.
Legislators are being urged to make changes to the regulations and legislation that are now in place so that a robust barrier can be created to secure the personal health data of individuals.
While more regulation is required, there are still concerns about the flexibility, competence, and, of course, the government’s ability to manage private data. Excessive compliance costs raise worries about firms focusing entirely on regulatory compliance rather than providing people with the tools and information they need to effectively self-prevent such attacks.
