February 2023

IoMT: Utilize Internal Information Security Expertise to Combat Cyber Risks

The goal is to ensure that patient data is kept in the right place, with the right encryption level and protected behind the right systems.

What is it that distinguishes one organization from another? One might offer the comfort of sleek, modern offices. Another might be the darling of Wall Street investors. And another might stand out simply because of clever advertising. But when all is said and done, doesn’t it come down to the expertise of their people — their collective knowledge, skill, and talent? If an organization has this one valuable asset, it can deliver great results for its clients. And that makes all the difference.

NSF is fortunate in this regard. The expertise of its worldwide staff is well respected in the field of global technical standards and certifications. This recognition extends to the behind-the-scenes work done by its IT managers, those who make sure far-flung networks are functioning efficiently and valuable data stay secure. And it extends to the work done by Liam Rogers, Senior Global Manager, IT Strategy and Planning, for NSF’s Health Sciences division.

“My job is to look for IT growth opportunities and develop digital services that combine the best of NSF resources internally with our external partners,” Rogers says. “Health Sciences includes five groups. They are Medical Devices, Training, Pharmaceutical Consulting, Health Science Certification, and Clinical Research. Which means that my daily tasks can vary depending on the specific opportunity at hand.”

The Health Sciences division provides consulting, auditing and certification services to pharmaceutical, medical device and in vitro diagnostic companies in the United States and around the world. This includes customized, end-to-end services throughout a company’s product life cycle. The goal is to ensure that clients achieve regulatory compliance, implement quality management systems, and attain optimum product quality and safety.

This is all highly technical, with world-class expertise at work. It’s an environment where the intellectual property of the new drugs and products that client companies are developing is valued in the millions, not the thousands, of dollars. Liam Rogers’ job is to make sure it all happens quietly, efficiently and securely. Not just in the United Kingdom, where he is based, but also in the United States and in countries across the globe where Health Sciences clients operate.

But even in this typically quiet sector, the dark specter of ransomware attacks has emerged, just as it has in so many other industries. “In recent years, more and more medical devices have become susceptible to cyberattacks,” Rogers says. “This started happening as connected devices known as IoMT, the Internet of Medical Things, began speaking to the world via Wi-Fi, Bluetooth and NFC, or near-field communication.

“In the 2010s, the FDA recalled wearable devices that had become vulnerable to attack — those which could pose a threat to patients with devices such as pacemakers and insulin pumps,” he adds. “The Medical Device Regulation (MDR) was created in 2017, and it focused on the security of devices as well as the safety of patients. What followed was a wave of new practices stipulating what good cybersecurity practices should be.”

For larger pharmaceutical, medical device and in vitro diagnostic companies, implementing good cybersecurity practices is generally part and parcel of how they operate and how they budget. But the same is not always true for small and medium-sized companies. “Smaller entities must adopt ‘off-the-shelf’ solutions to tackle security vulnerabilities, rather than approach security situations by trying to create custom technical solutions,” Rogers says.

“They should also take advantage of government-backed programs for cybersecurity insurance,” he adds. “In the event of a breach, showing previous good practice and having insurance can save your organization millions. They should also implement user-awareness training, hold open-door sessions, and create videos and blogs to support user awareness of potential ways cybercriminals can attack. Because often humans are the weakest entry point.”

The expertise of NSF’s information technology and security experts, like Liam Rogers, flows from NSF out to the Health Sciences clients he supports. “Understanding security and compliance needs within the industry allows us to apply and adopt solutions that meet regulatory requirements,” Rogers says. “This keeps patient data in the right place, with the right encryption level and protected behind the right systems.”

The benefits of expertise at work, courtesy of NSF’s Liam Rogers.
