If you work in the healthcare IT sector, you’ll want to pay attention to a rising problem in the industry that could impact your business.
Because we live in a technology-based world, you know data breaches can come from anywhere and affect various devices. There are serious consequences for any data breach, but depending on what’s attacked, those consequences can get even more intense – and even potentially deadly.
A recent study from the University of California’s Cyber Team found people may experience adverse health events from compromised healthcare infrastructure, reported Healthcare IT News (HIN).
The survey revealed between 100 and 1,000 patients at several organizations experienced these adverse events as the result of ransomware, malware, compromised electronic health record systems or facility attacks.
These adverse events are connected to medical device malfunctions as a result of cybersecurity attacks. Device malfunctions can cause inappropriate or ineffective treatment, or more severe consequences.
For example, if a patient’s pacemaker gets hacked, it could malfunction and send electricity to the person at the wrong times, which could lead to serious injury – or even death.
Most healthcare professionals wouldn’t be able to tell that a device was hacked or know what to do with the hacked device. And few facilities offer training or information on medical device hacks, since it’s believed to be such a rare problem.
“We rely on an incredible amount of technology to care for patients and trust the technology implicitly to care for our patients,” Jeffrey Tully, a UC Davis researcher and pediatrician, told HIN. “Healthcare cybersecurity is no longer really a compliance issue.”
Steps to take
Your IT department may not have the resources to devote to specific training on medical device security. But including medical devices as possible vulnerabilities when training staff members on cybersecurity risks helps employees think about the types of attacks hackers or other criminals may use.
Continue investing in yourinfrastructure, and encourage employees to consider ways to beef up security for medical devices. Regularly test medical devices for any vulnerabilities, and maintain regular patching and software updates when you hear of flaws that could impact those devices.
If your budget allows it, update and upgrade your organization’s medical devices, as old or out-of-date machines are easier for hackers to break into.
Beyond jeopardizing private info, attacks on medical devices can be deadly. Reframing device vulnerabilities as a safety issue rather than just a cybersecurity concern may make it easier to get the resources you need to protect patients from harm.