• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Skip to secondary sidebar
  • Skip to footer

  • Opinion
  • Health IT
    • Behavioral Health
    • Care Coordination
    • EMR/EHR
    • Interoperability
    • Patient Engagement
    • Population Health Management
    • Revenue Cycle Management
    • Social Determinants of Health
  • Digital Health
    • AI
    • Blockchain
    • Precision Medicine
    • Telehealth
    • Wearables
  • Startups
  • M&A
  • Value-based Care
    • Accountable Care (ACOs)
    • Medicare Advantage
  • Life Sciences
  • Research

Protecting Medical Device Security in the Age of Ransomware

by Kayla Matthews, Contributing Writer 06/25/2018 Leave a Comment

  • LinkedIn
  • Twitter
  • Facebook
  • Email
  • Print

Protecting Medical Device Security in the Age of Ransomware

From medication pumps to pacemakers, people depend on lifesaving devices to live their healthiest possible lives and manage chronic ailments. Many of those patients likely hear about cybercriminals orchestrating massive data breaches, and might get concerned about one of those incidents compromising their information.

However, they probably haven’t considered the hackers might target the devices in their bodies or the ones they otherwise use for better well-being.

Hospitals Must Pay Attention to Device Monitoring and Security Strategies

Today’s healthcare facilities are becoming increasingly connected. Statistics indicate that for every bed in a United States-based hospital, there is an average of 10 to 15 connected devices. Although those aren’t usually inside patients’ bodies, they continually collect sensitive information and transmit it to staff members.

It’s critical for hospital management teams to weigh the clinical benefits against the possible risks of using those devices. Then, they must devise and implement methods to monitor those devices and keep them secured.

Device Testing Is Essential

A 2017 study by the Ponemon Institute found most health organizations and device manufacturers polled believed a device they used or manufactured would be attacked within the next year. However, 53 percent of healthcare facilities and 43 percent of manufacturers do not carry out any tests on these devices.

Regular and methodical testing of medical devices helps people spot issues before they become significant problems. Having a proactive attitude about tests could help prevent product recalls or patient complications.

Experts in the field of healthcare device security found most hospitals could not tell when simulated attacks occurred on medical pumps.

Health facilities must not merely trust that the devices they use for patients are safe and uncompromised. Ongoing testing gives them the evidence needed to feel confident for a good reason, instead of making assumptions based on implicit trust.

Hospitals Could Show Preference to Cybersecurity-Minded Manufacturers

The Food and Drug Administration issued content calling upon manufacturers to consider cybersecurity threats when designing medical devices. That’s a step in the right direction, but it’s important to realize the FDA material is only comprised of guidelines.

That means manufacturers have no legal obligation to implement them. Some analysts say the guidelines may at least give device makers a framework. However, only 51 percent of device makers abide by the FDA guidelines.

When choosing which manufacturers to work with when taking care of supply needs or experimenting with new devices, hospital administrators can show an intention to purchase medical devices responsibly by explicitly asking manufacturing representatives whether they are committed to cybersecurity. People at a healthcare organization responsible for medical device purchases show preferences in other ways, such as by insisting on electroplated or gold-plated items that offer advantages such as corrosion resistance and electrical conductivity.

If they also begin making it clear they only want to enter into supply contracts with manufacturers that prioritize cybersecurity, that decision could have a ripple effect that sets a good example.

Critical Thinking and Updated Knowledge Are Critical Cybersecurity Aspects

The likelihood of medical devices being affected by ransomware or other attacks doesn’t seem to be on the radar of many healthcare professionals. However, researchers who conducted extensive research in the United States and India about what could happen if medical devices get compromised reached sobering conclusions.

For example, they say a hacker could infiltrate a medical device that dispenses medication inside a patient and make it give a fatal dosage. In other cases, a hacked device could provide physicians with the wrong information, such as by directing them to use an AED on a patient with a normal heart rhythm.

Forward-thinking health practitioners who work with medical devices should take it upon themselves to think outside the box when pondering potential cybersecurity risks with the equipment. It’s also useful for them to consciously look for current news about cybersecurity threats in the health sector and remain aware of them.

Traditional Cybersecurity Approaches Are Not Sufficient

Internet-connected devices at hospitals around the world require a dedicated and unique approach to cybersecurity. In other words, the IT professionals working at those facilities cannot necessarily use the same general strategies for securing those devices as they do when locking down their networks.

Unfortunately, though, many are doing just that. Statistics published in a 2017 survey by ZingBox revealed more than 70 percent of IT decision-makers in healthcare who responded believed they could use traditional security strategies to secure connected medical devices.

Granted, there are substantial challenges to keeping some medical devices locked down, but they are not impossible to tackle. Taking medical device security seriously means understanding what’s required to achieve that goal. One obstacle to overcome is the fact that the area of medical device security is still emerging, and there is not always a consensus for how to address it.

Machine learning platforms that use automation to spot security issues are available, but they haven’t become widespread in the health field yet.  

Better Security for Medical Devices Is a Collective Effort

Besides remaining aware of these tips, healthcare professionals must realize improving security of medical devices is everyone’s responsibility — not something hospitals or manufacturers must deal with alone.


Kayla Matthews is a health IT and medtech writer whose work has appeared on VentureBeat, The Week, Contagion Live and BioMed Central. To read more posts by Kayla, follow her on Twitter or at ProductivityBytes.com.

  • LinkedIn
  • Twitter
  • Facebook
  • Email
  • Print

Tagged With: Box, Connected Medical Devices, Cybercriminals, Cybersecurity, FDA, Health IT, Healthcare Ransomware, healthcare security, healthcare security breaches, Heart, Machine Learning, Medical Device, Medical Device Cybersecurity, Medical Devices, medication, Pacemakers, physicians, Ponemon Institute

Tap Native

Get in-depth healthcare technology analysis and commentary delivered straight to your email weekly

Reader Interactions

Primary Sidebar

Subscribe to HIT Consultant

Latest insightful articles delivered straight to your inbox weekly.

Submit a Tip or Pitch

Featured Insights

 Selecting the Right EMR: A Practical Guide to Streamlining Your Practice and Enhancing Patient Care

Selecting the Right EMR: A Practical Guide to Streamlining Your Practice and Enhancing Patient Care

Featured Interview

Virta Health CEO: GLP-1s Didn’t Kill Weight Watchers, Its Broken Model Did

Most-Read

Meaningful Use Penalties_Meaningful Use_Partial Code Free_Senators Urge CMS to Establish Clear Metrics for ICD-10 Testing

CMS Finalizes TEAM Model: A New Era of Value-Based Surgical Care

White House Event Unveils CMS Health Tech Ecosystem Initiative

White House Event Unveils CMS Health Tech Ecosystem Initiative

Digital Health Faces Q2'25 Pullback: Funding Falls to 5-Year Low, But AI Dominates and $1B+ IPOs Emerge

Healthcare Investment Shifts in 1H 2025: AI Remains a Bright Spot Amidst Fundraising Decline

Digital Health Faces Q2'25 Pullback: Funding Falls to 5-Year Low

Digital Health Faces Q2’25 Pullback: Funding Falls to 5-Year Low

Beyond the Hype: Building AI Systems in Healthcare Where Hallucinations Are Not an Option

Beyond the Hype: Building AI Systems in Healthcare Where Hallucinations Are Not an Option

Health IT Sector Navigates Policy Turbulence with Resilient M&A

Health IT’s New Chapter: IPOs Return, Resilient M&A, Valuations Rise in 1H 2025

PwC Report: US Medical Cost Trend to Remain Elevated at 8.5% in 2026

PwC Report: US Medical Cost Trend to Remain Elevated at 8.5% in 2026

Philips Launches ECG AI Marketplace, Partnering with Anumana to Enhance Cardiac Care with AI-Powered Diagnostics

Philips Launches ECG AI Marketplace, Partnering with Anumana to Enhance Cardiac Care with AI-Powered Diagnostics

WeightWatchers Emerges from Bankruptcy, Launches New Menopause Program

WeightWatchers Emerges from Bankruptcy, Launches New Menopause Program

CMS Finalizes New Interoperability and Prior Authorization Rule

CMS Proposes 2026 Physician Fee Schedule Rule: Boosting Primary Care, Cutting Waste, and Modernizing Payments

Secondary Sidebar

Footer

Company

  • About Us
  • Advertise with Us
  • Reprints and Permissions
  • Submit An Op-Ed
  • Contact
  • Subscribe

Editorial Coverage

  • Opinion
  • Health IT
    • Care Coordination
    • EMR/EHR
    • Interoperability
    • Population Health Management
    • Revenue Cycle Management
  • Digital Health
    • Artificial Intelligence
    • Blockchain Tech
    • Precision Medicine
    • Telehealth
    • Wearables
  • Startups
  • Value-Based Care
    • Accountable Care
    • Medicare Advantage

Connect

Subscribe to HIT Consultant Media

Latest insightful articles delivered straight to your inbox weekly

Copyright © 2025. HIT Consultant Media. All Rights Reserved. Privacy Policy |