Medical device security vulnerabilities can leave healthcare organizations exposed to malicious hackers and patient safety risks. Out-of-date devices, unpatched vulnerabilities, and the sheer quantity of medical devices on an organization’s network and implanted in patients present numerous security challenges.
However, to Elizabeth Butwin Mann, Americas Life Sciences and Health Cybersecurity Leader at EY, clear and open communication between patients, providers, and manufacturers, along with actionable risk management strategies, can help healthcare organizations manage medical device security threats. Fortunately, there have been no reports of patient harm as a result of medical device security vulnerabilities. However, threat actors may be able to manipulate medical devices to inflict harm if vulnerabilities are left unpatched. “To anybody who represents a healthcare institution, patient safety is always first and foremost,” Mann explained. “If there was a threat to patient safety, we would be extremely concerned. But there are other reasons why a threat actor might come after these devices. One of those reasons could be to access the hospital network or the network on which that device exists. Threat actors could potentially land on a network, gain access to other services, take personal data, and interrupt the functionality of a network.”
Provider and patient education and communication are crucial to mitigating risk, Mann suggested. Providers should be able to recognize the signs of suspicious activity on medical devices; however, it is also the responsibility of the device manufacturer to clearly communicate risks to patients. Direct-to-consumer communication can help to take some pressure off providers and ensure that patients are getting vital information about the devices they rely on.
Threat sharing and collaboration are key tenets to maintaining medical device security and mitigating risk. All healthcare providers are unified by their goal of protecting patients from harm. “When the industry bands together, you can learn about strategies that some of the institutions that are better funded have achieved. At the end of the day, there’s competition and commercial concerns, but the reality is that patient safety is at the center of it,” Mann emphasized.
REFERENCE: HEALTHCAREEXEC INTELLIGENCE -xtelligent HEALTHCARE MEDIA; 29 NOV 2021; Jill McKeon