House committee to examine cybersecurity risks of legacy technology in healthcare

Washington DC National Capitol Building
The House Energy and Commerce Committee is collecting information about cybersecurity vulnerabilities in legacy medical devices. (Getty/lucky-photographer)

An influential House committee is taking a deeper dive into the cybersecurity risks associated with legacy technology throughout the healthcare industry and asking for stakeholders to help policymakers establish possible solutions moving forward.

Calling healthcare cybersecurity a “complex, nuanced challenge with many different contributing factors,” lawmakers zeroed in on legacy devices as the “root cause” of many security incidents, according to a request for information (PDF) issued by the Energy and Commerce Committee last week.

The request acknowledged the simplest recommendation is to replace legacy technology with updated equipment. But the healthcare industry finds itself in a predicament with no easy solutions. Medical technology is more specialized with fewer replacement options for legacy devices. The cost of replacement is much higher than that of consumer technology, and for hospitals with thin operating margins, updating equipment often means sacrificing another portion of its budget.

Webinar

Home State Health Leverages Conversational AI to Activate Their Members, Address SDOH, and Improve Quality Measures

Like many health plans, engaging and activating vulnerable populations at scale is critical to Home State Health. This case study from Home State Health focuses on engaging Medicaid members at scale on numerous topics leading to desired outcomes including: working with the State to develop the most optimal opt-in program; the benefits of Conversational AI in orchestrating tailored dialogues at scale; and how to design and launch Conversational AI programs.

RELATED: FDA wants to create a ‘go-team’ for medical device cybersecurity

Some have called for manufacturers to maintain support for legacy technology throughout its lifecycle, but the committee argued that diverting resources to older systems would “likely have significant impacts on their ability to provide new and innovative technologies.”

“The challenges created by legacy technologies are, by definition, decades in the making,” the House committee wrote, requesting additional input from stakeholders in every sector. “They implicate dozens of diverse stakeholders with different and at times competing equities, and they have no clear solutions.”

RELATED: Cash for clunkers—Could it work for legacy medical devices?

Exactly how to manage a glut of legacy systems throughout the industry has been up for debate, particularly after the WannaCry attack last year that took advantage of a vulnerability in outdated operating systems.

One suggestion, included in the Department of Health and Human Services Cybersecurity Task Force report released last year, is a program similar to Cash for Clunkers, a federal initiative aimed at getting old cars with poor fuel efficiency off the road.   

Meanwhile, the Food and Drug Administration wants to devote more funding to medical device cybersecurity by creating a “go-team” that could assist with response efforts and help identify key vulnerabilities. The agency is also considering requiring manufacturers to include a “bill of materials” to allow hospitals to better manage networked devices.

Suggested Articles

UnitedHealth's Optum unit has completed its $4.3 billion acquisition of DaVita Medical Group after getting the final OK from the Federal Trade Commission…

Cigna chief David Cordani said it’s time to pump the brakes on calls for a healthcare system overhaul like “Medicare for All.”

The American Heart Association (AHA) and emergency technology company RapidSOS are working to build a health data registry that first responders and 911…