Latest news: cybersecurity in pharma

The Biden administration has rolled out a new National Cybersecurity Strategy (March 2) that puts more pressure on the US tech industry to take more responsibility for protecting their systems from hackers.

The new strategy aims to take on the systemic challenge of too much responsibility for cybersecurity falling on individual users and small organisations.

The strategy has had a mixed reception, however, some experts believe that “overregulation” could have a “counterproductive” effect on a company’s cybersecurity. “Even amid surging cybercrime, shifting the cybersecurity burden to software developers and tech solution providers may seem an unduly harsh move, however, economically speaking it makes perfect sense,” Dr. Ilia Kolochenko, founder of ImmuniWeb, and a member of Europol Data Protection Experts Network, told Verdict.

“That being said, overregulation or bureaucracy will certainly be harmful and rather produce a counterproductive effect.

“Unnecessarily burdensome or, contrariwise, formalistic and lenient security requirements will definitely bring more harm than good.”

Kolochenko believes the “technical scope” and “timing of implementation” for the requirements of Biden’s proposal is paramount to companies’ success or failure in taking increased responsibility.  

The new National Cybersecurity Strategy also calls for US law enforcement to put more emphasis on bringing down gangs of digital thieves and ransomware bandits.

Edgard Capdevielle, CEO at cybersecurity company Nozomi Networks, believes that the work to implement the proposed strategies will “be expensive in time”.

“While the National Cybersecurity Strategy represents a positive shift in motivation, the actual work to implement these strategies will be expensive in time, human resources, and investment in compatibility and interoperability going forward,” says Capdevielle.

New laws passed by the US government which came into effect on 29 March 2023 gives U.S. Food and Drug Administration (FDA) authorisation to require cybersecurity adjustments in submitted medical devices. The requirement will take effect 90 days from the law being passed, giving vendors until October 1, 2023, to prepare submissions meeting the new standards.

In its newly issued guidance for cyber devices, the FDA have said they intend not to issue ‘refuse to accept’ (RTA) decisions for cybersecurity shortcomings to vendors who submitted before this deadline. The agency plans to work collaboratively with sponsors as part of the review process to meet the new laws passed in the Consolidated Appropriations Act, 2023 by the US Senate.

By October this year, the FDA expects submissions to meet the new requirements, citing sponsors will have had sufficient time to prepare their premarket submissions. For submissions that do not tick the cybersecurity boxes, the FDA will duly issue RTAs.

Cybersecurity is becoming a more pertinent concern as more medical devices become connected to the internet, healthcare systems, and other digital devices. As connectivity and digital integration become an increasingly common feature in medical devices, security risks increase too. Data breaches are one of the main concerns – medical health records, insurance details and payment information could all be leaked.

According to GlobalData, between 2020 and 2025, cybersecurity in medical devices is forecast to grow at a CAGR of 7.3% from $869mn to $1.23bn. Inextricably linked will be the money spent by healthcare providers and payors to ensure digital safety too – this will grow slightly faster at a rate of 8.1%, from $4.59bn to $6.77bn.

The UK and Israel have announced the signing of a new roadmap for UK-Israeli bilateral relations. The roadmap will deepen tech, trade and make the country a driving force in the cybersecurity industry by 2030.

The roadmap is designed to deepen cooperation between the UK and Israel. Both countries will benefit from increased investment to strengthen cybersecurity capacity and foster tech innovation.

“Israel has long been a pioneer in digital forensics and cybersecurity. The investment made in terms of people and funding, over time, has proved highly successful in recent years and has made the country a driving force in the cybersecurity industry,” Jake Moore, global cybersecurity advisor at global digital security company, ESET, told Verdict.

The roadmap comes with £20m of joint funding that will go towards technology innovation to enable both countries to stay globally competitive.

“The constantly evolving ecosystem built to respond and prevent threats has made the country synonymous with cybersecurity.

The investment in people has also shown to improve the nation and its capabilities, far greater than seen in the UK,” claims Moore.

According to a GlobalData Thematic Research: Cybersecurity (2022) report, there continues to be an ongoing shortage of cybersecurity skills.

There is currently a 65% workforce shortfall in the global cybersecurity space. This agreement between the UK and Israel is vital in closing this gap.