Protecting medical devices from cybersecurity threats
Medical devices capable of transmitting health information and connecting to Michigan Medicine’s networks offer improvements to the effective delivery of patient care, but they also may introduce privacy and security concerns.
Michigan Medicine’s Information Assurance (IA) program has been raising awareness of these concerns and developing new approaches to address these vulnerabilities.
As a major step, Michigan Medicine is partnering with CyberMDX, a leader in health care threat prevention, to provide a “touchless” security solution that will monitor, analyze and categorize the vulnerabilities posed by connected medical devices.
The state-of-art partner offers constant monitoring, providing a kind of “cybercrime shield” poised to identify any unusual or suspicious behavior.
“Using these new solutions to help support our medical devices is a big step toward better ensuring their safe use, availability and security” said Michigan Medicine Chief Information Security Officer Jack Kufahl. “We are guided by the Federal Drug Administration’s (FDA) Safety Action Plan to protect patients, their information and our systems. Their device oversight plan provides benchmarks, but to meet them, we need to become more observant and responsive to those challenges.”
IA and Health Information Technology & Services (HITS) will implement the new medical device security solution in four stages over the next year and a half. By the end of summer 2019, the project plans to complete initial setup and to begin deployment of patient monitoring devices.
The device solution is an important example of the impact that IA is having within the clinical enterprise and one that demonstrates the importance of securing Michigan Medicine’s entire inventory of devices within a threat landscape that is becoming more sophisticated every day.
To learn more about cybersecurity for medical devices, see the following:
- Report on Improving Cybersecurity in the Health Care Industry (Health Care Industry Cybersecurity Task Force, June 2017)
- Medical Device Safety Action Plan: Protecting Patients, Promoting Public Health (US Food & Drug Administration, April 2018)
- A CISO’s Advice for Securing Connected Medical Devices (Healthcare IT News, May 16, 2018)
- The Fight to Secure Vulnerable Medical Devices from Hackers (“Intelligencer,” NY Magazine, August 20, 2018)
- Medical Device Security Best Practices from Mayo Clinic (Audio interview, ISMG Network, October 31, 2018)