Medical Device Vendors: What Execs Need to Ask
Healthcare providers need to step up measures to protect health data as medical devices remain vulnerable to cyberattacks, according to tech experts.
“Ransomware attacks against medical devices are going to continue to grow like crazy in the coming months and years because most of the connected medical devices are not being secured properly,” said Mandeep Khera, chief marketing officer at Arxan Technologies, a cybersecurity vendor whose specialities include the Internet of Things in healthcare.
To enhance protection of sensitive patient information, Khera says hospitals executives – i.e., CIOs and CISOs – need to be asking these questions to medical device manufacturers: What types of security have you built into the device? Have you conducted penetration testing on it and what were the results? What is your process for distributing security updates and patches?
These are all questions to be answered ahead of a cyberattack or serious threat, he points out.
In addition, conducting security audits can help hospitals to determine the value of legacy systems and calculate the risk of keeping them against the cost of replacement. If securing an older medical device that still delivers value, for instance, will cost $500,000 but only reduce the risk by half, that can be hard to convince CFOs to sign-off on, explains Roy Wyman, partner at Nelson Mullins Riley & Scarborough in Nashville, Tennessee.
Patient education is also important, because most are not aware of security issues specific to medical devices.
“As we start to see more and more of these types of attacks, patients will get more savvy,” says Khera. “It will take some time. Famous patients like Dick Cheney know how to ask the right questions: ‘If there is no security behind this, I don’t want this to be connected with my pacemaker.’ Common users have no idea what questions to ask. Hospitals need to educate these patients so they know if they are secure or if there is a risk.”
While many medical device manufacturers have thus far missed the mark on security, most are now improving but it’s still up to hospital customers to keep their vendors accountable, Khera notes.
Source: Healthcare IT News
Image Credit: Pixabay
Published on : Mon, 12 Jun 2017
Print as PDF