The US mandates cybersecurity measures in new devices, but hospitals rely on legacy devices.
When hackers target healthcare systems, medical devices can be high-impact casualties.
Health-ISAC pulled quotes:
Efforts to keep medical devices secure have come in good faith but haven’t always been well thought out, cybersecurity nonprofit Health-ISAC (Information Sharing and Analysis Center) VP of Medical Device Security Phil Englert told us.
Rather than focusing on the narrow yet effective tactic of risk management, he said healthcare IT teams used to want to take a “Hippocratic stance” of just one bad outcome is too many.
“They wanted to manage all IT devices as if they were traditional IT devices, meaning every three years we’re replacing a laptop or a desktop and replacing the operating system,” Englert said. “That’s not always practical.”
In actuality, it’s common for properly maintained medical devices to remain in use for many years.
As a consultant, Englert recounted experiences walking through hospitals without being stopped and theoretically having access to multiple machines. In clinical labs, however, techs challenged him, showing that a culture for protection does exist around devices in some aspects of the healthcare system.
Putting the onus for basic security steps on the industry rather than care providers, Englert said, could be the key to securing devices.
“That allows the clinicians to do their job of patient care and allows technicians to do their job of monitoring the state of the devices,” Englert said.
Read the article in Healthcare Brew. Click Here
