Medical device manufacturers should emphasize on device security at the preliminary stage, then as an afterthought to evade unnecessary expenses and last-minute shortcuts that developers take to push in some form of the security feature.
FREMONT, CA: It is estimated that about one out of every four medical devices is now connected. One can encounter several connected medical devices during their visit to a hospital. Because of the extended connectedness of medical equipment, cyber criminals are starting to target them along with Protected Health Information (PHI) or, even worse, harm a patient by corrupting or damaging the operations of these devices.
Some vulnerable medical devices include:
• Magnetic Resonance Imaging (MRI)
• Implantable Cardioverter-Defibrillator (ICD)
• Picture Archiving and Communication System (PACS)
• Drug Infusion Pumps
• Identification and Antibiotic Susceptibility Testing devices
What Needs to be Done?
The healthcare industry is lacking in protecting its main stakeholders— the patients. Therefore, hospitals are required to invest considerable capital and effort in shielding their systems. The job is easier said than done because hospitals are exceptionally technology-saturated with high-end point complexity, internal diplomacies, and regulatory pressures. Though security issues in the medical domain take several forms, there are some voluntary security standards to address the risks in networked equipment:
•Medical device manufacturers should emphasize on device security at the preliminary stage, then as an afterthought to evade unnecessary expenses and last-minute shortcuts that developers take to push in some form of the security feature.
• Use strong passwords to shield all external connection points.
• Build on-time patch management, update vulnerability evaluations, and revise IT security policies.
• Boost awareness among all stakeholders comprising doctors, CMIOs (Chief Medical Information Officers), and clinical engineering teams about the present and potential medical device vulnerabilities.
• Safeguard infrastructure from threats, such as malware and hacking attacks with a steadfast security solution.
• Take a backup of vital data at regular intervals and keep a copy of it offline.
IT, risk, and compliance staff in hospitals need to foresee future medical device security contingencies and attend to them along with the present dangers to offer patient safety and protected health data.