Why Cybersecurity Should be a Top Priority for Every Hospital
Date : December 1, 2021
Hospitals everywhere have hundreds of different devices that require connections to the World Wide Web. This includes everything from robotic surgery devices to patient monitors- and everything in between. Governments, pipelines, food processors, and yes- even healthcare systems have all fallen victim to hackers and ransomware. It is an issue facing modern society everywhere.
The US Food and Drug Administration (FDA) has decreed that both manufacturers and hospitals share responsibility for protecting their devices- and patients- from cybersecurity threats, according to a major article on the subject in Medtech Dive. One of the most serious problems has to do with gear still using outdated operating systems no longer supported by software updates. These devices are far more vulnerable to attacks.
Another issue of concern is that even when software updates are released to correct potential cybersecurity issues, many institutions do not perform the updates. According to the report, some gear being used today is over 3-decades old- still running on outdated programs- easy targets for criminals!
While currently there is disagreement between manufacturers and hospitals as to responsibility for keeping devices safe, the FDA is working on solutions.
From the article:
"FDA's recent Medical Safety Action Plan states that the agency plans to consider new pre-market authority requiring manufacturers to build capabilities to update and patch device security into product design, while providing a Software Bill of Materials that identifies the third-party components in a device so that end users can better manage the cyber risks. The agency's plan also included consideration of new post-market authority to require manufacturers to adopt policies and procedures for coordinated disclosure of vulnerabilities when they are identified."