From medication pumps to pacemakers, people depend on lifesaving devices to live their healthiest possible lives and manage chronic ailments. Many of those patients likely hear about cybercriminals orchestrating massive data breaches, and might get concerned about one of those incidents compromising their information.
However, they probably haven’t considered the hackers might target the devices in their bodies or the ones they otherwise use for better well-being.
Hospitals Must Pay Attention to Device Monitoring and Security Strategies
Today’s healthcare facilities are becoming increasingly connected. Statistics indicate that for every bed in a United States-based hospital, there is an average of 10 to 15 connected devices. Although those aren’t usually inside patients’ bodies, they continually collect sensitive information and transmit it to staff members.
It’s critical for hospital management teams to weigh the clinical benefits against the possible risks of using those devices. Then, they must devise and implement methods to monitor those devices and keep them secured.
Device Testing Is Essential
A 2017 study by the Ponemon Institute found most health organizations and device manufacturers polled believed a device they used or manufactured would be attacked within the next year. However, 53 percent of healthcare facilities and 43 percent of manufacturers do not carry out any tests on these devices.
Regular and methodical testing of medical devices helps people spot issues before they become significant problems. Having a proactive attitude about tests could help prevent product recalls or patient complications.
Experts in the field of healthcare device security found most hospitals could not tell when simulated attacks occurred on medical pumps.
Health facilities must not merely trust that the devices they use for patients are safe and uncompromised. Ongoing testing gives them the evidence needed to feel confident for a good reason, instead of making assumptions based on implicit trust.
Hospitals Could Show Preference to Cybersecurity-Minded Manufacturers
The Food and Drug Administration issued content calling upon manufacturers to consider cybersecurity threats when designing medical devices. That’s a step in the right direction, but it’s important to realize the FDA material is only comprised of guidelines.
That means manufacturers have no legal obligation to implement them. Some analysts say the guidelines may at least give device makers a framework. However, only 51 percent of device makers abide by the FDA guidelines.
When choosing which manufacturers to work with when taking care of supply needs or experimenting with new devices, hospital administrators can show an intention to purchase medical devices responsibly by explicitly asking manufacturing representatives whether they are committed to cybersecurity. People at a healthcare organization responsible for medical device purchases show preferences in other ways, such as by insisting on electroplated or gold-plated items that offer advantages such as corrosion resistance and electrical conductivity.
If they also begin making it clear they only want to enter into supply contracts with manufacturers that prioritize cybersecurity, that decision could have a ripple effect that sets a good example.
Critical Thinking and Updated Knowledge Are Critical Cybersecurity Aspects
The likelihood of medical devices being affected by ransomware or other attacks doesn’t seem to be on the radar of many healthcare professionals. However, researchers who conducted extensive research in the United States and India about what could happen if medical devices get compromised reached sobering conclusions.
For example, they say a hacker could infiltrate a medical device that dispenses medication inside a patient and make it give a fatal dosage. In other cases, a hacked device could provide physicians with the wrong information, such as by directing them to use an AED on a patient with a normal heart rhythm.
Forward-thinking health practitioners who work with medical devices should take it upon themselves to think outside the box when pondering potential cybersecurity risks with the equipment. It’s also useful for them to consciously look for current news about cybersecurity threats in the health sector and remain aware of them.
Traditional Cybersecurity Approaches Are Not Sufficient
Internet-connected devices at hospitals around the world require a dedicated and unique approach to cybersecurity. In other words, the IT professionals working at those facilities cannot necessarily use the same general strategies for securing those devices as they do when locking down their networks.
Unfortunately, though, many are doing just that. Statistics published in a 2017 survey by ZingBox revealed more than 70 percent of IT decision-makers in healthcare who responded believed they could use traditional security strategies to secure connected medical devices.
Granted, there are substantial challenges to keeping some medical devices locked down, but they are not impossible to tackle. Taking medical device security seriously means understanding what’s required to achieve that goal. One obstacle to overcome is the fact that the area of medical device security is still emerging, and there is not always a consensus for how to address it.
Machine learning platforms that use automation to spot security issues are available, but they haven’t become widespread in the health field yet.
Better Security for Medical Devices Is a Collective Effort
Besides remaining aware of these tips, healthcare professionals must realize improving security of medical devices is everyone’s responsibility — not something hospitals or manufacturers must deal with alone.
Kayla Matthews is a health IT and medtech writer whose work has appeared on VentureBeat, The Week, Contagion Live and BioMed Central. To read more posts by Kayla, follow her on Twitter or at ProductivityBytes.com.
