It only takes a few minutes browsing the Industrial Control Systems advisories from the Cybersecurity & Infrstructure Security Agency (CISA) to get an idea of the number of cybersecurity risks lurking in medtech.
Legacy medical devices face a number of risks, according to GlobalData. “The knowledge that many of our most critical devices are legacy devices and therefore too old to update is concerning,” shared Alexandra Murdoch, medical device analyst at GlobalData, in a news release. “The availability to update a device could be crucial to preventing cyberattacks. It’s important for patients’ safety that the industry invests in newer devices that will perform regular security updates.”
However, there are also risks as more and more connected devices come to market. “A Deloitte study expects that connected devices in health care systems will grow to 60-70% over the next five years. Devices that are retired will be replaced with newer, connected ones. As the number of connected devices grows, so too will the disruptions to patient safety," Doug Folsom, president, cybersecurity and chief technology officer, TRIMEDX, told MD+DI. "The danger of device hacks in causing the inability to treat patients is a growing risk, and one that cannot be overlooked. In 2022, there must be a real effort from healthcare systems to strengthen their network security through robust cybersecurity efforts."
Healthcare systems will need help to minimize all these risks. “The best solution is for hospitals and healthcare systems to implement a comprehensive cybersecurity solution that not only scans their network for vulnerabilities but also integrates with their central maintenance management system and ties all that data together, so they can best protect medical devices used for patient care," explains Kristi McDermott, president, clinical engineering at TRIMEDX. "In 2022, I believe having a comprehensive cybersecurity solution along with trained, professional clinical engineering leadership with trained technicians in that space are going to be required to protect the core mission of a healthcare system.”