|
||
|---|---|---|
|
Fighting to safeguard medical devices, patient data Medical devices, including pacemakers and insulin pumps, have transformed how patients manage and receive treatment for health conditions. However, as technology advances, efforts to protect the security of these medical devices require constant vigilance. “Safeguarding connected devices is a significant challenge across all industries; however, when these devices are responsible for human lives and patient well-being, this is a health care issue that must be taken head-on industrywide,” said Brent Cieszynski, Blue Cross Blue Shield of Michigan’s chief information security officer. “Cybersecurity needs to become an integral part of engineering and product development processes in an ‘always on-always connected’ product ecosystem.” Updating medical devices Medical devices run software that also needs regular updating. However, the infrastructure to manage information technology varies widely. If a device is incompatible with computer system upgrades, it may cause unintentional malfunctions. Medical devices are also managed through computer networks, which require enhanced security measures to ensure hackers can’t access sensitive medical information. If these medical devices, such as MRIs and ultrasound machines, malfunction or data isn’t available, procedures and treatments can be disrupted and patients can be put at risk. Help for health care providers The U.S. Food and Drug Administration works aggressively to reduce cybersecurity risks as pacemakers, insulin pumps and MRI machines become more advanced. The FDA regulates medical devices and provides guidance to help ensure manufacturers develop and maintain products that are cyber-secure. The FDA’s medical device guidelines* help health care organizations identify software vulnerabilities and make better-informed decisions regarding security protocols. If the FDA identifies a perceived risk, it may issue a “safety communication”* with steps for patients, health care providers and manufacturers to follow. The health care industry is acting quickly to comply with FDA regulations by implementing new technology to protect medical devices and patient information. Also, manufacturers must make certain changes before legally marketing their medical devices. Resources to combat cyberattacks There are cases of cyberattacks in which ransomware has been used against hospitals, temporarily preventing access to electronic health records. According to a survey of IT professionals, more than 1 in 3 health care organizations globally reported being hit by ransomware* in 2020. In fact, the industry experienced a 45% uptick* just since November 2020, according to HealthITSecurity. Moreover, from January 2016 to December 2021, 374 ransomware attacks* on U.S. health care delivery organizations exposed the personal health information, or PHI, of nearly 42 million patients. As the threat and sophistication of cyberattacks against medical technologies continue to rise, so does the need for increased safeguards. The Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency developed an infographic* to show how cyber threats target medical devices and potential consequences. There is also a list of risk mitigation resources at the bottom of the graphic. The American Hospital Association developed the “Top Six Actions to Manage Hospital Cybersecurity Risks,”* which includes creating a core cybersecurity team and developing a cybersecurity investigation and incident response plan. Safeguarding sensitive data and patient safety is a team effort. *Blue Cross Blue Shield of Michigan doesn’t own or control this website. |
Blue Cross Blue Shield of Michigan and Blue Care Network are nonprofit corporations and independent licensees of the Blue Cross and Blue Shield Association. |