Philips: cybersecurity means shared responsibility

30/09/21

Increasing digitisation brings major benefits such as greater efficiency and faster processes. But there’s also a downside to our increasing dependence on technology.

The number of cyberattacks has risen sharply this past year, especially within the healthcare sector. For Philips – which supplies medical equipment to hospitals around the world – this was yet another reason to emphasise and tighten up its security protocols and recommendations to clients.

Trust and transparency at the heart of support

Executives at organisations worldwide see many opportunities in the digital transformation, accelerated by COVID-19, but at the same time they are extremely concerned about cybersecurity. Particularly for healthcare providers, the impact of a ransomware attack that paralyses IT systems can be severe; in extreme cases it can cost lives. Philips is therefore committed to helping clients maximise the reliability and security of the equipment it supplies. Trust and transparency are the basic principles here.

Cybersecurity in health

‘When it comes to cybersecurity we see maturity differences in the healthcare sector,’ says Gal Gnainsky, Chief Security Officer at Philips. ‘Of course, we do understand that the priority and focus of our care professionals mainly is on curing people where their expertise develops over decades, while cybersecurity is a relative new risk filed which requires extensive knowhow, high investment in system protection and developed user awareness.'

‘To maximise security,’ says Dirk de Wit, Philips’ Head of Product Security, ‘we believe in full transparency and clarity about our products security status and the responsibilities we have as a provider. We see it as our mission to ensure that our clients utilise all the products and services we provide, securely.’

‘To maximise security, we believe in full transparency and clarity about our products security status and the responsibilities we have as a provider. We see it as our mission to ensure that our clients utilise all the products and services we provide, securely.’

Dirk de WitHead of Product Security at Philips

Cybersafe programme

According to De Wit, part of the responsibility lies with the users of the equipment. ‘The customer must also have sufficient knowledge and be alert. We ensure that our products are safe, but we are also dependent on the infrastructure - both IT & physical - and protocols of a hospital.’

To assist customers of Philips products and services to do this, the company launched the Cybersafe programme. This programme supports clients in keeping their devices and the associated operating systems up to date.

Dirk de Wit explains: ‘Large medical devices have a lifespan of fifteen years or more. They usually run on Windows, and a Windows version is generally supported for a maximum of ten years. If you aren’t aware of that, then a problem will arise. With Philips Cybersafe, institutions are able to put additional measures in place to permanently protect their systems against cyberattacks.’

To give the Cybersafe program a certain ‘weight’, Philips turned to PwC. ‘In recent years, we have regularly brainstormed with PwC about cybersecurity and about ways to make IT systems and products more secure. This time we wanted to show clients that they can trust Cybersafe,’ says Gal Gnainsky. ‘That turned out to be rather a complicated process, and the question was to what extent we could provide that trust. PwC helped us identify the various possible options, the required security measures, and how to provide our clients with the relevant insights. It’s ultimately about delivering trust and transparency to clients and making our contribution to the security of the healthcare sector.’