The cybersecurity of network-connected medical devices in the Netherlands
The importance of a sterile digital environment
Ever since the US 'Government Accountability Office' (GAO) published its report on the hacking of medical devices, this topic has enjoyed more attention. As most of this report relates to US research, Deloitte has initiated research into the security status of medical devices in the Netherlands.
Between late 2013 and early 2015 we conducted interviews on the cybersecurity of medical devices at 17 of the 82 Dutch hospitals. Heads of Medical Technology, Heads of IT, (Chief) Information Security Officers, Privacy Officers, medical specialists and doctors were asked about the cybersecurity of the medical devices in their hospitals. This report discusses the results of the interviews. Likewise, the lessons learned and the good practices that were identified over the last year are presented.
The results of this investigation show that the security of network connections are inadequate and therefore there is a chance of viruses penetrating medical equipment. How are hospitals able to guarantee the security of medical devices and thereby the safety of their patients?
Health care innovations are important
In our survey report we are certainly not opposed to the use of medical technology. Far from it. Technology hugely advances patients’ health care. But, we are strong advocates of factoring in privacy and cyber security when developing medical equipment. An MRI scanner is increasingly becoming a computer and it should be protected. This process already starts when it is purchased: look beyond the medical performance and check whether data can be sent using an encryption scheme and whether it is easy to replace the hard disk.
We can tackle this together: hospitals and suppliers. But patients, too, are entitled to demand a sterile digital environment. This is everybody's responsibility and we can only deal with this if each and every one of us is aware of the issue.
Do you want to know more on Medical Device Security? Please contact Jeroen Slobbe at +31 (0) 682019240