Medical Device Vendors: What Execs Need to Ask

share Share

Healthcare providers need to step up measures to protect health data as medical devices remain vulnerable to cyberattacks, according to tech experts.

“Ransomware attacks against medical devices are going to continue to grow like crazy in the coming months and years because most of the connected medical devices are not being secured properly,” said Mandeep Khera, chief marketing officer at Arxan Technologies, a cybersecurity vendor whose specialities include the Internet of Things in healthcare.

To enhance protection of sensitive patient information, Khera says hospitals executives – i.e., CIOs and CISOs – need to be asking these questions to medical device manufacturers: What types of security have you built into the device? Have you conducted penetration testing on it and what were the results? What is your process for distributing security updates and patches?

These are all questions to be answered ahead of a cyberattack or serious threat, he points out.

In addition, conducting security audits can help hospitals to determine the value of legacy systems and calculate the risk of keeping them against the cost of replacement. If securing an older medical device that still delivers value, for instance, will cost $500,000 but only reduce the risk by half, that can be hard to convince CFOs to sign-off on, explains Roy Wyman, partner at Nelson Mullins Riley & Scarborough in Nashville, Tennessee.  

Patient education is also important, because most are not aware of security issues specific to medical devices.

“As we start to see more and more of these types of attacks, patients will get more savvy,” says Khera. “It will take some time. Famous patients like Dick Cheney know how to ask the right questions: ‘If there is no security behind this, I don’t want this to be connected with my pacemaker.’ Common users have no idea what questions to ask. Hospitals need to educate these patients so they know if they are secure or if there is a risk.”

While many medical device manufacturers have thus far missed the mark on security, most are now improving but it’s still up to hospital customers to keep their vendors accountable, Khera notes.

Source: Healthcare IT News
Image Credit: Pixabay

«« Improving Cybersecurity Through Public-Private Coordination

eClinicalWorks' Breach - Tip of the Iceberg? »»

Published on : Mon, 12 Jun 2017

Related Articles

The "dark web" is something hidden from most users of the internet. This is because the dark web lies within what is known as... Read more

Communications giant Nokia, in collaboration with OP Financial Group, has started a blockchain pilot to explore new opportunities... Read more

Cybersecurity of medical devices is on top of ECRI Institute's 2018 list of top 10 challenges facing healthcare. And experts... Read more

Medical Devices, cyberattacks, health data, Medical Device Vendors Healthcare providers need to step up measures to protect health data as medical devices remain vulnerable to cyberattacks, according to tech experts.

No comment

Please login to leave a comment...