Stress-testing systems and devices
The need for more co-ordination between providers and manufacturers to deal with security concerns is a central plank of the response to new threats, particularly around medical device cyber security.
Organizations such as HIMMS convene security working groups highlighting best practices, responses and responsibilities, and the legal and regulatory framework in which issues must be addressed.
At Phoenix Children’s, regular security checks and simulated cyber-attacks are performed on medical equipment to test the robustness of systems and devices, to find where weaknesses might exist in their network.
“We have to keep one step ahead,” says Vinay Vaidya, Chief Medical Informatics Officer at Phoenix Children’s, “We have drills, we have exercises, we have phishing attacks that we launch internally to see and check for vulnerabilities in our system, and we want to keep one step ahead of the criminals, to safeguard the health of our children.”
It is critical for IT leaders to constantly assess their exposure. The US Food and Drug Administration’s (FDA) rules for cybersecurity are aimed at aiding manufacturers of medical devices in managing cybersecurity risks and call for manufacturers to create built-in security for all of their devices at all levels5.
Hospitals need assurance regarding the security and privacy protection of medical devices. As such, technology partners must be committed to rigorous and comprehensive security plans that assure patient data is safe and connected devices are cyber resilient.