Skip to Content

Medical device security: Don’t put patient care at risk

January 7, 2020 Article 1 min read
Advances in medical devices can improve patient care, but they often lack critical cybersecurity controls and carry risks to patients and healthcare organizations alike. Here are four steps to help your organization mitigate them.
Doctor working on medical deviceAs medical device advancements start to shape the world of medicine, what do we do with the devices that are currently in use but lack critical cybersecurity controls? In the United States today, there are 10–15 million medical devices deployed. The majority of them are interconnected, web facing, and running legacy software that’s no longer supported by the vendor. There are three main risks posed by unsecure, connected medical devices:
  1. They can become unavailable to deliver patient care.
  2. The device integrity can be compromised (meaning we can no longer rely on the device readings).
  3. Hospital networks can be infiltrated by unsecured medical device connections, which can lead to the exfiltration of confidential patient data.

When trying to get a handle on your medical device landscape, there are a few key steps you should take. First, complete a medical device inventory. You can’t protect what you don’t know you have.

In the United States today, there are 10–15 million medical devices deployed. The majority of them are interconnected, web facing, and running legacy software that’s no longer supported by the vendor.

Second, conduct a thorough risk assessment to identify any and all threats posed to the hospital environment as a result of the deployed devices. Third, develop and implement controls to reduce the threats to an acceptable level. Finally, and arguably most importantly, continuously monitor effectiveness of the controls implemented and update as necessary.

You can never have 100% protection from the threats out there, but these steps can help you and your organization to reduce risk. I recommend you begin today.

Related Thinking

Cybersecurity professional on their laptop in a server room.
April 29, 2024

Bridging the widening cybersecurity skills gap

Article 5 min read
Professional photo of Angela Appleby in front of a blurred white and blue background.
April 26, 2024

Angela Appleby named a top CPA in America

In The News 1 min read
Shopper looking at products in grocery store aisle, considering SKU rationalization and accurate costing data.
April 22, 2024

The art of SKU rationalization: Getting accurate costing data

Article 5 min read