HITInfrastructure

Security News

Connected Medical Devices Need Current HIT Infrastructure Security

Connected medical devices need more security coverage as organizations plan to consistently add more networked devices to their HIT infrastructure.

connected medical devices need increased security

Source: Thinkstock

By Elizabeth O'Dowd

- Organizations are adding more connected medical devices to their HIT infrastructure, which raises concerns about device security.

A recent Research and Markets report predicted that the medical device security market will reach $28.9 billion and grow at a CAGR of 35 percent through 2023.

“Medical device companies and healthcare providers are facing threats in mobile and web applications, and various network nodes,” said report authors. “The healthcare industry, medical device providers, and individuals/patients are adopting a wide range of connected devices such as wearables, backend system, integration devices, and automated equipment.” 

The report stated that medical devices are vulnerable to attacks because they constantly store and transfer PHI. The rise of advanced IT infrastructure and connected hospitals demand better and more inclusive medical device security solutions.

“The increasing adoption rate of connected devices by consumers, use of mobile health applications/devices (home care), government regulations, lack of security testing on medical devices, and increasing initiatives toward connected hospital are expected to drive the market,” the report stated. “In addition, lack of knowledge and access control, pressure to meet production activities, and standardization of technology are few challenges hampering the medical device security market growth.”

A recent Ponemon study also found that there is a significant lack in connected medical device security.

Nearly one-third of device manufactures and healthcare organizations are aware of the potential negative affects unsecured devices have on patients and their health data. However, only 17 percent of device manufacturers and 15 percent of healthcare organizations are taking significant steps to prevent attacks from vulnerable connected medical devices.

The study showed that the growth of mobile device usage across the healthcare industry significantly increases security risks because mobile devices are inherently difficult to secure.

Eighty percent of medical device manufacturers and users said medical devices are very difficult to secure. Only 25 percent of respondents said security protocols or architecture built inside devices adequately protects clinicians and patients.

"The security of medical devices is truly a life or death issue for both device manufacturers and healthcare delivery organizations," Ponemon Institute Chairman and Founder Dr. Larry Ponemon said in a statement. "According to the findings of the research, attacks on devices are likely and can put patients at risk. Consequently, it is urgent that the medical device industry makes the security of its devices a high priority."

The study also revealed that only 44 percent of entities follow FDA guidance to reduce security risks in medical devices.

Earlier this week the FDA released its final guidance for smart and secure interactions among medical devices. The guidance stressed the importance of medical device interoperability for security as organizations continue to incorporate devices into their network ecosystem.

“As electronic medical devices are increasingly connected to each other and to other technology, the ability of these connected systems to safely and effectively exchange information and use the information that has been exchanged becomes increasingly important,” FDA wrote. “Advancing the ability of medical devices to exchange and use information safely and effectively with other medical devices, as well as other technology, offers the potential to increase efficiency in patient care.”

Organizations can increase the safety of their medical devices by focusing on the data that’s exchanged among the devices and taking steps to secure it. If devices are designed with interoperability as an objective, the FDA states that it will significantly improve safety.

Entities looking to improve their medical device security should adhere to FDA recommendations and look for a solution that has interoperability and secure data exchange features.