From the January/February issue of HealthCare Business News magazine
By Ty Greenhalgh
The creation and deployment of lifesaving connected medical devices has rapidly expanded in the last few years, giving rise to the term Internet of Medical Things (IoMT).
Each device contains hardware, software, and sensors that gather, store, and transmit healthcare data and confidential patient information over health systems’ clinical networks and across the Internet. Unfortunately, these online medical devices are weak links in network security and have become increasingly attractive to cybercriminals, posing significant risk to patient safety and confidentiality.
While the FDA and HHS are working diligently with medical device manufacturers to increase the cybersecurity and resiliency of new devices, legacy medical devices are plagued with vulnerabilities. Most medical devices cannot support anti-malware software to help protect the device, and many are using outdated software like Windows 7. Manufacturers are delivering devices with default passwords and configurations to make them easy to access for remote support, which also makes them easy for hackers to access. Traditional network devices like laptops and servers use industry-standard protocols for communications, but IoMT devices have myriad unique protocols that traditional security tools cannot understand. Possibly the most compromising limitation is the inability to scan medical devices with traditional security software.
Medical device risk management is evolving slowly, but securing these devices is incredibly complex: there are on average 14 IoMT devices per bed, many of which are mobile; they can’t support anti-virus software; traditional security tools are ineffective; remote accessibility is built in; they run on outdated software; and the HTM, Security and IT departments are not operationally integrated.
Confidentiality, integrity and availability of patient data are paramount, and still breaches occur almost daily in healthcare. While impacting data is devastating to the patient and provider, compromised IoMT device integrity can be catastrophic. Emergency room doctors rely heavily on a CT scanner’s availability and integrity to quickly diagnose stroke patients and determine whether a stroke is hemorrhagic or ischemic. A delayed diagnosis or misdiagnosis due to a compromised CT scanner could easily result in loss of motor functions, brain damage, or even death.