Analysis

Networked medical device cybersecurity and patient safety

Perspectives of health care information security executives

​Health care information cybersecurity executives discuss their challenges, activities, and thoughts about networked medical device governance, risk management and cybersecurity.

Networked medical device governance, risk management and cybersecurity

Networked medical devices and other mobile health (mHealth) technologies are a double-edged sword: They have the potential to play a transformational role in health care but also may be a vehicle that exposes patients and health care providers to safety and cybersecurity risks such as being hacked, being infected with malware and being vulnerable to unauthorized access.

Patient safety issues — injury or death — related to networked medical device security vulnerabilities are a critical concern; compromised medical devices also could be used to attack other portions of an organization’s network.

Deloitte interviewed Medical Device Security Leaders (MDSLs) from nine health care organizations as part of a study on patient safety issues related to medical device security. The results show agreement among respondents about specific privacy and cybersecurity issues, organizational differences in preparedness levels and approaches and many shared opinions about future developments needed to support the industry.

This report:

  • Describes potential risks associated with networked medical devices
  • Reviews recent Food and Drug Administration (FDA) draft guidance on managing cybersecurity in medical devices
  • Examines Deloitte’s interview findings in three areas: governance, risk identification and risk management
  • Provides stakeholder considerations and a potential path forward.
Did you find this useful?