Skip to Content



Medical device security: Don’t put patient care at risk

January 7, 2020 Article 1 min read
Advances in medical devices can improve patient care, but they often lack critical cybersecurity controls and carry risks to patients and healthcare organizations alike. Here are four steps to help your organization mitigate them.
Doctor working on medical deviceAs medical device advancements start to shape the world of medicine, what do we do with the devices that are currently in use but lack critical cybersecurity controls? In the United States today, there are 10–15 million medical devices deployed. The majority of them are interconnected, web facing, and running legacy software that’s no longer supported by the vendor. There are three main risks posed by unsecure, connected medical devices:
  1. They can become unavailable to deliver patient care.
  2. The device integrity can be compromised (meaning we can no longer rely on the device readings).
  3. Hospital networks can be infiltrated by unsecured medical device connections, which can lead to the exfiltration of confidential patient data.

When trying to get a handle on your medical device landscape, there are a few key steps you should take. First, complete a medical device inventory. You can’t protect what you don’t know you have.

In the United States today, there are 10–15 million medical devices deployed. The majority of them are interconnected, web facing, and running legacy software that’s no longer supported by the vendor.

Second, conduct a thorough risk assessment to identify any and all threats posed to the hospital environment as a result of the deployed devices. Third, develop and implement controls to reduce the threats to an acceptable level. Finally, and arguably most importantly, continuously monitor effectiveness of the controls implemented and update as necessary.

You can never have 100% protection from the threats out there, but these steps can help you and your organization to reduce risk. I recommend you begin today.

Related Thinking

April 29, 2022

Cybersecurity for the entire family: Five surprising ways kids and adults get hacked

Article 9 min read
April 12, 2022

Six considerations to strengthen your cybersecurity program in 2022

Article 4 min read
April 11, 2022

Hiring cybersecurity talent? Five things you should know

Article 2 min read