When you’re in the market for new medical devices, you look at them through the eyes of a doctor and a patient. Will it make a difference in your patients’ lives? Will it make you a better doctor? With so many choices available, it’s easy to fill your office with options.
Yet anything technological has a darker side. Criminals look for ways in. They like medical data because there’s a big market for it. They know computers and security systems are well thought out, well protected. Why not find a way in with new technology, like the medical device you just picked up and brought in?
Why Medical Devices Are Targeted
Technology is at the center of the ever-growing medical device market. It’s currently valued at $542 billion and on track to grow to $887 billion by 2032. With a growing population suffering from a plethora of chronic diseases, technology will be at the heart of treatment options in the future.
Certain rules ensure medical device security, but they are vague at best. The FDA states manufacturers are responsible for securing their devices using different methods, yet not all manufacturers read this the same way. That leaves some more vulnerable than others.
Where To Start
The best place to start is by taking a hard look at your current medical devices. They are leaving you vulnerable to leaking data, allowing cybercriminals in, and possibly putting you at risk of HIPAA violations. Create a plan to update devices regularly, patch any existing vulnerabilities, and change passwords regularly.
As you update existing devices and invest in new technology, buy from vendors that value cybersecurity. One way manufacturers communicate security features is through an MDS Form. While not mandatory, it does provide a list of security features and answers questions about their approach to security. It answers more than 200 questions, including:
- How can each medical device be patched?
- Can the operator install patches independently, or does it all need to go through the vendor?
- Does the device have anti-malware software? If not, can the operator install it?
- What data is stored on the device? How is data transmitted to others?
- Does the manufacturer have a vulnerability disclosure program for this medical device?
- Can this medical device display, transmit, store, or modify personally identifiable information?
While relying on medical device vendors is a starting point, you need to know your security weaknesses. You can find them on your own using internal and external security scans, penetration tests, and intrusion detection systems.
Of course, you should also have your eye on HIPAA compliance. Having a team member designated as a compliance officer means they can ensure that every part of your systems, including new medical devices, is fully HIPAA compliant.
Secure Your Devices
We all know it’s important to secure medical devices. Leaving these devices vulnerable will put you, your patients, and your entire organization at risk.
Yet everyone approaches it differently. Are you happy with your current approach? Or does it need some refining? If so, we’re here to help.
For IT Strategy, Cloud Conversion, or Help Desk Services reach out to us at Silver Linings Technology 360-450-4759.