Skip to Content

Medical device security: Don’t put patient care at risk

January 7, 2020 Article 1 min read
Advances in medical devices can improve patient care, but they often lack critical cybersecurity controls and carry risks to patients and healthcare organizations alike. Here are four steps to help your organization mitigate them.
Doctor working on medical deviceAs medical device advancements start to shape the world of medicine, what do we do with the devices that are currently in use but lack critical cybersecurity controls? In the United States today, there are 10–15 million medical devices deployed. The majority of them are interconnected, web facing, and running legacy software that’s no longer supported by the vendor. There are three main risks posed by unsecure, connected medical devices:
  1. They can become unavailable to deliver patient care.
  2. The device integrity can be compromised (meaning we can no longer rely on the device readings).
  3. Hospital networks can be infiltrated by unsecured medical device connections, which can lead to the exfiltration of confidential patient data.

When trying to get a handle on your medical device landscape, there are a few key steps you should take. First, complete a medical device inventory. You can’t protect what you don’t know you have.

In the United States today, there are 10–15 million medical devices deployed. The majority of them are interconnected, web facing, and running legacy software that’s no longer supported by the vendor.

Second, conduct a thorough risk assessment to identify any and all threats posed to the hospital environment as a result of the deployed devices. Third, develop and implement controls to reduce the threats to an acceptable level. Finally, and arguably most importantly, continuously monitor effectiveness of the controls implemented and update as necessary.

You can never have 100% protection from the threats out there, but these steps can help you and your organization to reduce risk. I recommend you begin today.

Related Thinking

Business professional discussing the future of automation during a CPE-eligible webinar.
Nov. 28, 2023

Maximizing your use of the Plex supplier portal

Webinar 1 hour watch
Three business professionals in a conference room assessing their Microsoft 365 cybersecurity protection
November 15, 2023

Assess your Microsoft 365 cybersecurity protection

Assessment 1 min read
Manufacturing professional learning about the importance of cybersecurity.
October 24, 2023

Manufacturing cybersecurity and the rise of ransomware

Article 5 min read