As medical device advancements start to shape the world of medicine, what do we do with the devices that are currently in use but lack critical cybersecurity controls? In the United States today, there are 10–15 million medical devices deployed. The majority of them are interconnected, web facing, and running legacy software that’s no longer supported by the vendor. There are three main risks posed by unsecure, connected medical devices:
- They can become unavailable to deliver patient care.
- The device integrity can be compromised (meaning we can no longer rely on the device readings).
- Hospital networks can be infiltrated by unsecured medical device connections, which can lead to the exfiltration of confidential patient data.
When trying to get a handle on your medical device landscape, there are a few key steps you should take. First, complete a medical device inventory. You can’t protect what you don’t know you have.
Second, conduct a thorough risk assessment to identify any and all threats posed to the hospital environment as a result of the deployed devices. Third, develop and implement controls to reduce the threats to an acceptable level. Finally, and arguably most importantly, continuously monitor effectiveness of the controls implemented and update as necessary.
You can never have 100% protection from the threats out there, but these steps can help you and your organization to reduce risk. I recommend you begin today.
