01 Sep 2020

The Right Medical Device Integration Strategy Can Increase the Efficiency of Medical Device Security

By Christophe Dore

Long before COVID-19, cyberattacks were a problem in healthcare. In fact, a report from IBM estimates such data security incidents cost the industry $6.5 billion each year.1 COVID-19, however, has created new opportunities for cybercriminals who are eager to take advantage of employees working from home on unsecured networks and exhausted clinicians checking their emails in hospitals.

RELATED READING: How Clinicians Adopt Healthcare Technology

In a survey of healthcare information security professionals taken before the pandemic, a majority of respondents acknowledged that their organizations experienced a significant security incident.2 These attacks are popular because cybercriminals know the value of medical data and understand the numerous security vulnerabilities around healthcare organizations, and most importantly, how to exploit them.

How Medical Devices Are Affected

One of cybercriminals’ common goals in attacking hospitals is infiltrating the electronic health record (EHR), which contains a trove of financial and medical information. Another popular target is medical devices, which hospitals continue to implement at a steady rate.3 Hospitals and health systems have networked medical devices to, in part, help them move away from episodic patient vital signs monitoring to streamlined surveillance systems. The security environment regarding medical devices is highly variable across healthcare organizations. Medical devices implemented over the years may have varying security measures, depending on the age and sophistication of the equipment. Regardless of the age of a device, each has a different set of security requirements, mainly because each device uses the hospital IT network differently. As a consequence, the higher variety of devices in a hospital’s fleet, the more complex securing the whole fleet becomes.

The mobility of devices is also a concern. Numerous devices can be used in different places in the hospital and on different sub-networks, which can also increase the complexity of security management. The increase in complexity elevates the risk for unknown cracks in the cyber-shield, which are the prime targets for malicious hackers.

Risks During Surgery

The risks posed by this lack of security standardization and consistency are apparent across the hospital, even the operating room. More than 200 million surgeries are performed worldwide every year,4 many of which require general anesthesia. That is why there was such great concern in 2019 when a security flaw in one major manufacturer’s anesthesia devices was disclosed that enabled cybercriminals to easily access the equipment once inside a hospital’s network. The device allowed the infiltrator to make a wide range of adjustments such as silence primary alarms, unbeknownst to clinicians in the operating room, putting the patient’s safety at risk. Securing the device properly offered hospitals two rather challenging options:

  1. network segmentation, which can be a complex and time-consuming process;
  2. remove the device from the network and allow the hospital to lose valuable data that can be analyzed with data from other devices and the EHR to drive safer procedures with better outcomes.

A third option, which was chosen by some hospitals and health systems in light of the discovered vulnerability, was to connect their medical device network to Capsule Technologies’ Medical Device Integration Platform (MDIP) using Capsule Neurons. Capsule MDIP enables hospitals to consolidate their medical device integration around a single system with a single set of security parameters, instead of a wide variety based on the device or sub-network. This keeps security simple, allowing to focus on one system (MDIP) regardless of the complexity of the medical device fleet, It also makes it scalable, enabling organizations to expand their medical device integration faster and easier on the MDIP with Neurons, as adding new medical devices does not require to add specific security controls for these devices – the secured MDIP takes care of this.

A Secure Medical Device Integration Strategy

Supported by MDIP, hospitals can confidently pursue medical device integrations and reap the inherent quality of care and efficiencies. The automated electronic data collection from these devices helps consolidate, standardize, and integrate patient history with other contextual data to reveal health trends directly from the bedside. With clinicians offered a holistic view of their patients’ status and trajectories, they can spend more time with them, confident that their safety, devices and data are protected from cyberattacks. Connect with a specialist today to learn more about how to secure your healthcare data in your clinic or hospital.


Christophe Dore is the Cybersecurity Manager at Capsule Technologies, overseeing all aspects of Capsule’s cybersecurity strategy. He has been answering to the needs of organizations in several industries in understanding and positioning themselves versus cybersecurity challenges since 1995, when he supported the development and deployment of the first web applications in the then nascent Internet as an expert for NeXT Software, a company lead by Steve Jobs.

Browse great content about HTML coding in our blog section. You will find great tips on how to implement user-friendly features in your website.

Medical Device Data: Empowering Clinicians and Improving Outcomes

Download
1
https://www.beckershospitalreview.com/cybersecurity/ibm-the-average-cost-of-a-healthcare-data-breach-up-to-6-5m.html
2
https://www.himss.org/himss-cybersecurity-survey.
3
https://www.prnewswire.com/news-releases/the-medical-device-market-is-expected-to-reach-an-estimated-432-6-billion-by-2025–and-it-is-forecast-to-grow-at-a-cagr-of-4-1-from-2020-to-2025–300980092.html
4
https://www.healthcaredesignmagazine.com/trends/research-theory/designing-a-safer-or/