In 2011, Methodist Hospital of Southern California, Arcadia physicians accessed diagnostic information from medical devices without the knowledge of the facility's information technology (IT) department. When hospital administrators found out, they took action to safeguard its medical devices because they knew the next incident involving the access of patient data might not be so benign, according to an article on the Health Facilities Management website.
Methodist Hospital began implementing safeguards two years ago. It hired an outside firm to develop an integrated systems management (ISM) program, which greatly reduces vulnerability of its more than 6,000 medical devices to cyber-attack.
"Not many hospitals have put a concerted effort toward addressing the risks of cybersecurity of medical devices. The Methodist program sets a great example that other hospitals can follow and in a very organized and methodical way," Jim Keller, vice president, health technology evaluation and safety, ECRI Institute, said in the article.
The program includes performing a rigorous 57-question, risk-assessment inspection of each new and existing medical device at the hospital to determine how it stores, transmits and protects electronic patient information, according to the article. Another part of the risk-assessment involves interviewing the end user, whether it is a physician, nurse or other staff member, to see how he or she uses the device.
Read the article.
Cleanliness in Hospitals: Clinical Priority and Community Perception
Dana-Farber Receives $50M Gift for Planned Cancer Hospital
Clarinda Regional Health Center Reports Data Security Incident
Gaps in Nurses' Environmental Cleaning Knowledge Grow Amid Rising EVS Pressures
Ground Broken on the Southern Nevada Forensic Facility