Cybersecurity threats to health systems are growing, posing potential risks to patient safety. However, most hospital cybersecurity strategies are focused on traditional information security, leaving medical devices exposed to vulnerabilities.
Effective cybersecurity hinges on a robust understanding of the importance of device inventory along with powerful analytics to guide clinical asset decision-making. The best way to maintain, optimize, and secure medical devices is through comprehensive clinical asset management, which integrates inventory visibility, resource allocation and planning and cybersecurity.
A June 2021 FDA report characterized the threat in stark terms saying it has “the potential to result in patient harm such as illness, injury, or death as a result of delayed treatment or other impacts to medical device availability and functionality.”
While the FDA continues to raise awareness of the risks and suggests new steps for manufacturers and others to help thwart hackers, the burden lies with health systems. Remote use of critical-function infrastructure is rising as devices are increasingly connected to the internet.
Also escalating is ransomware, which in 2021 alone disabled a health system, disrupted a hospital for weeks, and interfered with actual treatment versus simply holding electronic health records ransom. “Cybersecurity,” the report said, “is crucial for medical device safety and effectiveness.”
Consider leveraging the NIST Cybersecurity Framework Core as a basis for your cybersecurity program. The framework outlines five basic functions to organize medical device cybersecurity efforts and serves as a solid foundation in which to begin.
The Cybersecurity Framework Core is strengthened when supported by comprehensive clinical asset management because:
A comprehensive asset management process can complete an effective cybersecurity program by providing answers to three critical questions:
Cybersecurity protocols alone cannot help guide decision making. Full inventory visibility must flag devices that present cybersecurity risks. Data and informatics on device optimization can help guide purchasing decisions by noting which devices should be replaced, upgraded or disposed of.
Click here for more information and research on why cybersecurity hinges on far more than identifying risks.