IT departments must ensure security of medical devices

October 26, 2022
Access Tech: Do you rely on a medical device? How secure is your device?

Industry experts have been apprehensive about the cybersecurity vulnerabilities posed by the increasing number of IoT medical devices. Wearable devices are rushed to market with little thought to cybersecurity. Medical facilities that come under cyberattack can experience real-life, tangible consequences, as was the case at a Des Moines hospital when a three-year-old child was given the wrong dose of medicine after a cyberattack knocked the hospital’s systems offline. IT departments must make it a priority to update and enhance the security of medical devices. 

Unpatched medical devices 

Medical device software can stay in service for years, and what was once considered a robust defense is now outdated. All medical devices – old and new – need to be scrutinized and secured. IT departments that manage medical device security could be on the hook for hefty HIPAA and regulatory fines and penalties if a breach happens on an unsecured device. The FBI recently published a warning about the realities and severity of unsecured and unpatched medical devices:

  • 53 percent of connected medical devices and other internet of things (IoT) devices in hospitals had known critical vulnerabilities.   
  • Medical devices susceptible to cyber-attacks include insulin pumps, intracardiac defibrillators, mobile cardiac telemetry, pacemakers, and intrathecal pain pumps.  
  • There is an average of 6.2 vulnerabilities per medical device, and recalls were issued for critical devices such as pacemakers and insulin pumps with known security issues.
  • More than 40 percent of medical devices at the end-of-life stage offer little to no security patches or upgrades. 

Take Action 

IT departments are advised not to ignore medical device security. Take an inventory of all medical devices under your supervision. Once you have a list of all the medical devices under your purview, a plan needs to be developed to patch and monitor each device. 

The FBI recommends additional steps, which include: 

  • Endpoint Protection: If supported by the medical device, use antivirus software on an endpoint. If not supported, provide integrity verification whenever the device is disconnected for service and before it is reconnected to the IT network. 
  • Vulnerability Management: Work with manufacturers to help mitigate vulnerabilities on operational medical devices. 
  • Training: Implement required training for employees to identify and report potential threats. 

We at Access Tech know how secure your personal data should be kept. Let us help you find peace of mind through our expertise in security. Contact us at Access Tech. We can help assess your business's security, find where the holes are, and show you how to patch them. For years we have been helping businesses connect business strategy with IT solutions.

For more information, see SmarterMSP’s “FBI warns of unpatched medical devices.”
