Protecting Medical Devices from Cyber Security Threats

Modern medical devices fall into the category of the Internet of Things. Many devices including heart rate monitors, blood pressure monitors, and others send patient information to a health care portal. Doctors and other professionals can access the information, monitor trends, and make informed decisions about patient care. Unfortunately, these connected devices may also represent a potential entryway for cybercriminals.

The Risk of Health Care Information Security Vulnerabilities

Connected medical devices require cybersecurity protections. These devices may serve as a backdoor into health care networks and compromise the private, HIPAA-protected records of thousands of patients. In addition to threatening private information, cybercriminals who use medical devices to gain access to a facility’s network may shut down the entire operation.

In early 2016, a hospital in California experienced the risks of vulnerability firsthand. Hackers accessed the computer network and locked down all of the hospital’s medical records. The hospital paid the hackers $17,000 to regain entry to their system. This case of ransomware serves as one example of what cybercriminals can do if they can access a care facility’s network.

Who is Responsible for Medical Device Security?

In the health care field, everyone who interacts with medical devices plays a role in cybersecurity activities. Nurses and other medical professionals must safely and responsibly access medical device information on health care systems. Medical IT teams must develop protections for health care networks and connected medical devices. Medical device makers should secure their products from cyber threats, and health care providers should verify the safety of medical devices and tools they purchase.

4 Tips for Improving Medical Device Security

Medical device makers and health care facilities that purchase medical devices can improve their current security strategies using these tips:

1.     -  Evaluate the current risk level of the device and/or its connected environment. Continually test for vulnerabilities that may threaten patients or a health care facility. 

2.      - Monitor FDA guidelines for medical device manufacturing. The FDA requires medical device makers to monitor and address security problems within their devices. Health care facilities should look for FDA approvals from all medical device vendors.

3.     - Train all users on cybersecurity best practices. Anyone who interacts with a medical device should understand the risks and best practices associated with using the device.

4.      - Follow or join relevant security associations. The Healthcare Information and Management System Society, for instance, offers a resource network for health care IT professionals.

Education, risk assessment, and continual optimization can significantly decrease the cyber risks associated with medical devices. As more devices connect to internal and external networks, health care providers must prioritize the security of all devices and network ecosystems.