Networked medical device cybersecurity and patient safety
Networked medical devices and other mobile health technologies are a double-edged sword: They have the potential to play a transformational role in health care but also may be a vehicle that exposes patients and health care organizations to safety and security risks. Among the unintended consequences of health care’s digitization and increased networked connectivity are the risks of being hacked, being infected with malware, and being vulnerable to unauthorized access.
Networked medical devices
As growing numbers of medical devices incorporate wireless capabilities and complex software and operate adjunct to wired medical devices in hospitals, health systems, and home-based care, the scope and nature of required security controls also change. Information technology, compliance, and risk executives in health care organizations will need to be able to anticipate and address present and future medical device security risks to safeguard patient safety and protected health information.
To understand how health care providers are approaching these challenges, Deloitte interviewed stakeholders from nine health care organizations as part of a study on patient safety issues related to medical device security. The interview participants included representatives from Information Technology, Information Security, Clinical Engineering, and Compliance (collectively referred to in this report as Medical Device Security Leaders, or MDSLs).
The interviews were conducted between May and December 2012. Interviewees represented a broad range of US hospitals and health systems, and they discussed their activities and attitudes about networked medical device governance, risk management, and security. The results show widespread agreement about specific issues, organizational differences in preparedness levels and approaches, and many shared opinions about future developments needed to underpin the industry.