Computer users have been concerned about viruses since the dawn of the Internet. Today, given the ubiquity of Wi-Fi and smartphones, those concerns have multiplied.
Malware is a threat to banking, utilities, defense, national security…and healthcare. Anti-virus programs aren’t enough to stop data theft, tampering and destruction, particularly given the sophistication of today’s networked medical devices and electronic medical records systems. And the sophistication of those who are determined to hack into those systems has never been greater.
Hence cybersecurity, which the U.S. Food and Drug Administration defines as “the process of preventing unauthorized modification, misuse or denial of use, or the unauthorized use of information that is stored, accessed or transferred from a medical device to an external recipient.”
As hospitals and IDNs face this issue, chances are contracting executives will get involved.
“There are various measures that healthcare facilities should undertake to address their cybersecurity vulnerabilities,” says Timothy Wong, project engineer, Health Devices
Group, ECRI Institute. Some examples:
- Limit network access to medical devices by using firewalls or virtual local area networks, or VLAN.
- Have appropriate access policies to medical devices in place and ensure that they are being actively followed.
- Keep up with the latest updates and patches for OS and anti-malware software.
- Establish tight controls for medical device password access.