Healthcare News & Insights

Medical device threats: New frontier of cybersecurity risk

You already know your hospital’s IT infrastructure is vulnerable to data breaches, but there could be even more insidious ways for hackers to attack patients. One of those methods may involve accessing the medical devices used to treat your patients.  

A recent study from the University of California’s Cyber Team found patients may experience adverse events from compromised healthcare infrastructure, reported Healthcare IT News (HIN).

The survey revealed between 100 and 1,000 patients at several organizations experienced these adverse events as the result of ransomware, malware, compromised electronic health record systems or facility attacks.

Device malfunctions

These adverse events are connected to medical device malfunctions as a result of cybersecurity attacks. Device malfunctions can cause inappropriate or ineffective treatment, or more severe consequences.

For example, if a patient’s pacemaker gets hacked, it could malfunction and send electricity to the person at the wrong times, which could lead to serious injury – or even death.

Most providers wouldn’t be able to tell that a device was hacked or know what to do with the hacked device. And few facilities offer training or information on medical device hacks, since it’s believed to be such a rare problem.

We rely on an incredible amount of technology to care for patients and trust the technology implicitly to care for our patients,” Jeffrey Tully, a UC Davis researcher and pediatrician, told HIN. “Healthcare cybersecurity is no longer really a compliance issue.”

“It’s not only a protecting patient health information issue,” Tully continued. “Healthcare security is a patient safety issue.”

Steps to take

You may not have the resources to devote to specific training on medical device security. But including medical devices as possible vulnerabilities when training staff members on cybersecurity risks helps employees think about the types of attacks hackers or other criminals may use.

Continue investing in your hospital’s IT infrastructure, and encourage IT staffers to consider ways to beef up security for medical devices. Have IT regularly test medical devices for any vulnerabilities, and maintain regular patching and software updates when you hear of flaws that could impact those devices.

If your budget allows it, update and upgrade your organization’s medical devices, as old or out-of-date machines are easier for hackers to break into.

Beyond jeopardizing patient info, attacks on medical devices can be deadly. Reframing device vulnerabilities as a patient safety issue rather than a security concern may make it easier to get the resources you need to protect patients from harm.

Subscribe Today

Get the latest and greatest healthcare news and insights delivered to your inbox.