Skip to main content
Skip to main navigation
Skip to footer
women using insulin pump

by Paul Schwartz
Published on July 31, 2019

Estimated read time: 3 minutes

Key takeaways

  • Connected medical devices offer valuable patient data to providers but increase the risk of cybersecurity breaches.
  • Security is a patient-safety issue. Every health system needs a proactive plan that covers protecting the security of devices, data and patient privacy.
  • To help our clients mitigate security risks, Cerner is providing identification, management and protection services.

You can’t kill someone with a computer virus, yet laptops and smartphones have more protection against hacking than the medical devices charged with keeping us alive. Take, for instance, the computerized insulin pumps that some diabetes patients use instead of injections for maintaining normal blood sugar levels. What if someone “hacked” one of these pumps? They could change how the insulin is delivered and put the patient in a potentially life-threatening situation. This is just one example of the dangers of medical device hacking. Other health care machines, such as MRI scanners, pacemakers and heart rate monitors, are also at-risk.

The average hospital room has nearly 15 to 20 devices that can connect to the cloud and apps. During the next decade, the total number of devices is expected to grow from 10 billion to 50 billion. Although having these machines online offers valuable patient data to providers, it also increases the potential of cybersecurity breaches. 

Over the years, the Food and Drug Administration has issued recalls on devices such as insulin pumps and pacemakers due to security concerns. Cyberattacks against medical gear generally lock and disable the machines, steal private medical information or disrupt treatment. Health systems must be ready to address these risks with a proactive, comprehensive approach that protects the security of the device, the data and the patient’s privacy. 

Identifying the challenges of securing medical devices

The reality is that there’s no way to install antivirus software on these machines because they’re not all managed at health care organizations. The only way to know if a device is compromised is to test each one – an inefficient and time-consuming solution.

But that’s not the only problem impacting device security. Here are three more issues that put these machines at a higher risk for a cyber threat:

  1. There’s not an efficient inventory system, which leaves many devices unidentified and easy to hack without detection.
  1. Some machines are still in use despite being outdated.
  1. Multiple vendors, versions, and a lack of inventory management make recall info difficult to find.

Don’t wait: Protect your organization against cyber attacks

We’re helping our clients tackle these security risks through identification, management and protection services. Our security experts visit health systems to set up and deploy these solutions that provide visibility into their medical devices. We also offer remediation services to prevent attacks or to get organizations back on track after their devices are hacked.

The bottom line is that if we wait until hacking happens, we’ve waited too long. As health care transforms and more devices access the cloud, the industry must be proactive to reap the benefits of connection while still ensuring the safety of patients.

Contact Cerner at network-security@cerner.com to ensure your medical devices are protected.

More like this: