On Friday, a major cyber attack hit health systems around the world. In Britain, where the attack affected hospital IT systems, doctors were unable to access patient records. Ambulances were diverted and emergency care delayed.
Medical Systems Hacks Are Scary, but Medical Device Hacks Could Be Even Worse
Attacking hospital IT systems is just the tip of the iceberg when it comes to cyber vulnerabilities in the health care sector. Hacks of implanted or wearable medical devices are an even more sobering threat. For example, it’s possible to transmit life-threatening (if not fatal) signals to implanted medical devices such as pacemakers, defibrillators, and insulin pumps. There are, however, some basic steps that hospital CIOs can take to reduce their risk and protect patients, devices, networks, and data, from assessing device cybersecurity during procurement and requiring basic cyber hygiene to proactively accessing risks and patching vulnerabilities. IT managers should also stay alert and informed, since regulators are expected to release new guidance on mitigating these threats. But the FDA and others should go even further: there should be real penalties for health organizations that leave their patients’ devices vulnerable to hacking.