Medical devices have emerged as a critical cybersecurity risk in healthcare, in part because cybersecurity professionals haven’t been involved in purchasing decisions, according to one health system CISO.
Although health information technology pros evaluate traditional information and networking systems, medical devices have escaped their scrutiny, Karl West, CISO at Intermountain Healthcare, told Tech Target. They must be involved in asset management, patching and vulnerability scanning, he said.
“Those are traditional cyber processes that exist in most organizations."
This week, an updated advisory from the Department of Homeland Security revealed a small percentage of St. Jude Medical implantable cardiac devices and Merlin@Home transmitters were vulnerable to remote hacking. Last month, the Food and Drug Administration announced that the company had integrated a new software patch to address ongoing cybersecurity vulnerabilities and emphasized that there have been no instances of patient harm tied to the devices.