Blog

Manufacturers and providers – Superheroes in fighting healthcare cybercrime

More and more medical devices are wirelessly connected to the Internet and also to healthcare facility networks and their respective sensitive devices

By Travis Horstman / Special to Healthcare Facilities Today


When you consider that connected* (wireless) medical devices are essentially small computers on a network, it’s not surprising that hackers and other malicious actors would try to compromise them for any number of reasons.
More and more medical devices are wirelessly connected to the Internet and also to healthcare facility networks and their respective sensitive devices.
The proliferation of these devices is truly remarkable and a testament to the manufacturers of these pumps, monitor, diagnostic, imaging and other portable or nonportable devices and equipment. There is no doubt their healthcare technology breakthroughs significantly improve hospital efficiency and levels of care.Connected medical device technology provides significant advantages.
In the hospital, it allows for more patient mobility, improves information sharing and enables centralized station monitoring. Outside the hospital, wearable or implantable connected devices allow for proactive or reactive healthcare monitoring. This can minimize the need for office visits while technicians maintain a finger on the pulse of the health of their patients (nearly literally!) and the performance of life-sustaining devices.
This kind of hardware, however, comes with the inevitable risk of security breaches.That’s why during 2019, both the Department of Homeland Security (DHS) and the Food and Drug Administration (FDA) issued advisories and warnings about vulnerabilities in medical devices that make them susceptible to service disruption and cyberattacks.Why would someone try to access connected medical devices and disrupt patient care or access hospital care systems? It almost seems silly to ask that question.
Hackers do it for the same reasons they target corporations or troll every person who accesses the Internet through their personal devices – from computers to Siri to doorbells:
  • to demand ransom
  • to deny service
  • to steal trade secrets
  • to gain entry to a larger system
  • to access confidential information
  • to commit an act of terrorism
  • just to see if they can
Attackers may attempt to take healthcare networks hostage, demanding large ransoms (paid in cryptocurrency) before they relinquish control. Other threat actors may simply be interested in copying outpatient information and selling it on the Dark Web.
 
 Such activities are commonplace in the corporate world, but the healthcare industry is even more critical – people rely on it for their very lives. Nation-state actors in the future may trick a pharmacy database into discretely changing a prescription dosage, prevent an alarm state on a patient’s vitals monitor or alter a medical diagnostics report.Such attacks, as of this writing, are unheard of, but they’re not very far away. 
 
The healthcare industry is responding to these threats by creating new healthcare cybersecurity certifications for security professionals in the healthcare industry, implementing minimum technical safeguards for patient data and working with government experts to manage risk and report problems that do exist.Wireless devices aren’t going away.
 
Society and the FDA have made it clear that their benefits outweigh the risks, including healthcare cybersecurity risks. That means manufacturers and caregivers both have a role to play in reducing healthcare cybersecurity risks to protect patients and the IT systems in and outside of the healthcare facility. It’s great to see how both parties are clearly embracing that critical obligation. 
 
More than ever, manufacturers are taking responsibility for their products throughout their lifecycle – not just in the development/design phase (where they integrate state-of-the-art cybersecurity features and minimize the use of off-the-shelf software), but also in post-market management of their devices as they deliver system patches and updates (for years and even decades) that anticipate or react to cybersecurity vulnerabilities. (The update process comes with its own set of risks, however, as this article points out.) 
 
Similarly, healthcare facilities are increasingly vigilant to incorporate manufacturers’ upgrades and instructions, maintain high levels of network security, pay close attention to advisories from manufacturers and government regulators and maintain risk management plans.
 
Both do a remarkable job, and while it will never be possible to reduce the level of connected device cybersecurity risk to zero, everyone has a vested interest in staying one step ahead of the cybercriminals.* “connected” refers to connection to a system through wireless technology. Physical proximity to the connected device is not needed in order to access (or tamper) with it
 
Travis Horstman is oneSOURCE’s Biomedical Account & Safety Manager, providing operational support and specialized assistance to the Biomedical database team. 
 


June 3, 2020


Topic Area: Information Technology


Recent Posts

Disinfectant Dispensers in Healthcare Facilities Often Fail to Deliver Safe Concentrations: Study

Study of 10 hospitals finds 90 percent have at least one dispenser delivering disinfectants at incorrect concentrations.


Duke University Health System Receives $50 Million for Proton Beam Therapy Center

The donation is the largest philanthropic gift received by Duke University Health System.


UT Southwestern Experiences Data Breach Through Calendar Tool

The incident occurred in October.


Protecting Patient Data: Strategies and Tactics

As cyber threats and breaches grow, healthcare organizations and facilities need a better approach to cybersecurity.


Duke Health to Acquire Lake Norman Regional Medical Center

The closing is projected for the first quarter of 2025.


 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

 
 
 
 

Healthcare Facilities Today membership includes free email newsletters from our facility-industry brands.

Facebook   Twitter   LinkedIn   Posts

Copyright © 2023 TradePress. All rights reserved.