Intermountain CISO Karl West: Consider cybersecurity in medical device purchase decisions

Medical devices have emerged as a critical cybersecurity risk in healthcare, in part because cybersecurity professionals haven’t been involved in purchasing decisions, according to one health system CISO. 

Although health information technology pros evaluate traditional information and networking systems, medical devices have escaped their scrutiny, Karl West, CISO at Intermountain Healthcare, told TechTarget. They must be involved in asset management, patching and vulnerability scanning, he said.

“Those are traditional cyber processes that exist in most organizations.”

West also expressed concern about the onslaught of internet-connected devices that could provide clinicians with critical information but come with a broad range of cybersecurity concerns.  

This week, an updated advisory from the Department of Homeland Security revealed a small percentage of St. Jude Medical implantable cardiac devices and Merlin@Home transmitters were vulnerable to remote hacking. Last month, the Food and Drug Administration announced that the company had integrated a new software patch to address ongoing cybersecurity vulnerabilities and emphasized that there have been no instances of patient harm tied to the devices.