Medical Device Vendors: What Execs Need to Ask

In IT
Mon, 12 Jun 2017

Healthcare providers need to step up measures to protect health data as medical devices remain vulnerable to cyberattacks, according to tech experts.

“Ransomware attacks against medical devices are going to continue to grow like crazy in the coming months and years because most of the connected medical devices are not being secured properly,” said Mandeep Khera, chief marketing officer at Arxan Technologies, a cybersecurity vendor whose specialities include the Internet of Things in healthcare.

To enhance protection of sensitive patient information, Khera says hospitals executives – i.e., CIOs and CISOs – need to be asking these questions to medical device manufacturers: What types of security have you built into the device? Have you conducted penetration testing on it and what were the results? What is your process for distributing security updates and patches?

These are all questions to be answered ahead of a cyberattack or serious threat, he points out.

In addition, conducting security audits can help hospitals to determine the value of legacy systems and calculate the risk of keeping them against the cost of replacement. If securing an older medical device that still delivers value, for instance, will cost $500,000 but only reduce the risk by half, that can be hard to convince CFOs to sign-off on, explains Roy Wyman, partner at Nelson Mullins Riley & Scarborough in Nashville, Tennessee.

Patient education is also important, because most are not aware of security issues specific to medical devices.

“As we start to see more and more of these types of attacks, patients will get more savvy,” says Khera. “It will take some time. Famous patients like Dick Cheney know how to ask the right questions: ‘If there is no security behind this, I don’t want this to be connected with my pacemaker.’ Common users have no idea what questions to ask. Hospitals need to educate these patients so they know if they are secure or if there is a risk.”

While many medical device manufacturers have thus far missed the mark on security, most are now improving but it’s still up to hospital customers to keep their vendors accountable, Khera notes.

Source: Healthcare IT News
Image Credit: Pixabay

«« Improving Cybersecurity Through Public-Private Coordination

eClinicalWorks' Breach - Tip of the Iceberg? »»

Medical Devices, cyberattacks, health data, Medical Device Vendors

Latest Articles

Decision-Making in the ICU
- Journal Article
- 19/04/2024
Decision-making in the ICU is a multifaceted process that involves clinical assessment, collaboration among multidisciplinary teams, ethical considerations, evidence-based practice, communication, and continuous adaptation to evolving clinical scenarios. Balancing the complex factors requires
READ MORE
Dealing With Uncertainty in ICU Decision-Making: A Practical Guide
- Journal Article
- 19/04/2024
When the stakes are high, and the path ahead is uncertain, the decisions made, especially if a patient continues to worsen, can be sources of self-torment and can haunt us for a long time. Our goal is to suggest ways to steer decision-making for intensivists in the face of uncertainty by prop
READ MORE
The Least Bad Decision: Crisis Standards of Care After the Pandemic
- Journal Article
- 19/04/2024
COVID-19 was an emergency that lasted for years and left few regions of the world untouched. The pandemic shone a spotlight on both the strengths and weaknesses of our disaster planning. What worked, what did not, and how can we better plan for future emergencies? The COVID-19 pandemic fo
READ MORE

Medical Devices, cyberattacks, health data, Medical Device Vendors Healthcare providers need to step up measures to protect health data as medical devices remain vulnerable to cyberattacks, according to tech experts.