Deloitte Issues Brief on Medical Device Cyber Security Issues in Healthcare
The Deloitte Center for Health Solutions is the health services research division of Deloitte. The Center’s goal is to provide research to keep healthcare stakeholders informed on emerging trends and challenges in the industry. The Center has released its latest findings in a new report, Networked Medical Device Cyber Security and Patient Safety: Perspectives of Health Care Information Security Executives.
For this report, Deloitte interviewed medical device security leaders (MDSLs) from nine health care organizations as part of a study on patient safety issues related to medical device security. Respondents share insights on privacy and medical device cyber security issues, organizational preparedness levels, and future developments needed to support the industry.
The issue brief:
- Looks at potential risks associated with networked medical devices
- Reviews recent FDA draft guidance on managing medical device cyber security
- Examines Deloitte’s interview findings for governance, risk identification and risk management
- Provides stakeholder considerations and a potential path forward
From the executive summary:
Networked medical devices and other mobile health (mHealth) technologies are a double-edged sword: They have the potential to play a transformational role in health care but also may be a vehicle that exposes patients and health care organizations to safety and security risks. Among the unintended consequences of health care’s digitization and increased networked connectivity are the risks of being hacked, being infected with malware, and being vulnerable to unauthorized access. As growing numbers of medical devices incorporate wireless capabilities and complex software, operate adjunct to wired medical devices in hospitals, health systems, and home-based care, the scope and nature of required security controls also change. Information technology, compliance, and risk executives in health care organizations will need to be able to anticipate and address present and future medical device security risks to safeguard patient safety and protected health information.