From MediTechSafe's engagements with Health Systems
Healthcare organizations are increasingly connecting medical devices (Internet of Things devices) to Electronic Health/Medical Records (EHR/EMR) systems to improve employee productivity and patient care. The FBI, however, warned that these devices are being targeted by cybercriminals.
There are three potential scenarios:
Attackers exploit vulnerabilities of the medical devices to hack into hospitals’ enterprise networks.
Medical devices become candidates for infection if they have vulnerabilities matching malware’s target profile even if they weren’t targeted.
Medical devices are targeted for cyber terrorism, ransomware, or simply to gain access to Protected Health Information (PHI) on the devices.
In any scenario, malfunctioning of compromised medical devices could lead to patient safety risk or operational downtime concerns. Compromised medical devices pose patient data security risk as well.
Following discoveries were made concerning medical device cybersecurity from MediTechSafe’s various customer engagements:
Integrated Delivery Network (IDN) / Healthcare System
Hospital Operating Room
Pediatric Emergency Department
Pediatric Surgery in Children's Hospital
Ambulatory Surgery Center
Imaging Department / Center
Physician's Office (Primary Care)