Protecting Networked Medical Devices from Security Breaches to Enable the Safe Delivery of Virtual Healthcare
By Kevin von Keyserling, chief strategy officer, Keyfactor.
As value-based care becomes more prevalent, healthcare delivery organizations (HDOs) are continuously looking to transform the patient care model with goals of reducing costs, optimizing patient outcomes and driving better financial performance. As new channels, delivery agencies, and patients taking greater responsibility in managing their care in the continued shift to telemedicine or virtual healthcare, digital security has become an even more important component of this evolving ecosystem.
Given the growth of connected medical devices, the potential for security lapses from release through use is considerable. While implanted devices draw the most attention, the broader universe of medical care gadgets can also warrant concern. In the U.S. alone, hospitals can average anywhere between 10 to 15 connected devices per-bed. With this kind of scale, the number of security gaps can be significant.
Medical devices that feature wireless connectivity, remote monitoring, and near-field communication technology allow health professionals to adjust and fine tune implanted devices remotely and in real-time. Devices capture and transmit data across many channels and receiving parties, but many fail to incorporate data security protocols and standards. Older devices that remain in the field may be using outdated security software. There is also significant ambiguity on who owns the data, which can result in nobody taking the lead on managing current security practices. Put these factors together and it’s easy to understand why healthcare data is highly susceptible to security failures.
Optimizing Data and Device Security
Healthcare has the highest breach-related costs of any industry at $408 per-stolen record. As patients willingly share personally identifiable information (PII) reliable controls must be in place to protect patient privacy. Every identity within an organization must be covered by layers of digital security, and the process can be broken down into smaller bites to ensure you’re setting the stage for optimized data and device security without taking everything on all at once.
- Establish necessary barriers: Improve the strength of targeted devices between devices and outside threats and be aware of your device inventory always – no device should ever be left unattended! Don’t leave cell phones or laptops out in open spaces, but if you do, utilize features such as auto-lock. Ensure that all devices are locked in a restricted and secure area when not in use.
- Define your security protocol: Make sure to have a regular cadence in which passwords need to be updated and utilize multi-factor authentication when possible.