Many medical devices, such as heart monitors and insulin pumps, rely on connected networks.
This allows doctors, nurses, and other caregivers to track a patient’s condition in real time and store that data in an electronic medical record system.
[ Medical facilities in five states affected by cyberattacks impacting patient services ]
The report warns that while cyberattacks on medical devices are not common, attacks can have serious consequences.
However, these network connections can also put your devices at risk for cyberattacks.
a watchdog report A report from the U.S. General Accounting Office (GAO) found that federal agencies responsible for protecting these devices need to update their cybersecurity agreements.
“Cyber incidents affecting medical devices can delay critical patient care, compromise sensitive data, disrupt healthcare provider operations, and require costly recovery efforts.” the report states.
We spoke to GAO about the potential dangers.
“Suppose a doctor is operating on a patient in the operating room and some sort of seizure occurs. That patient will likely lose many minutes before getting the services they need,” GAO said. said Jennifer Franks, director of the Cyber Security Center.
According to the report, as of January 2022, 53% of connected medical devices and connected devices in hospitals had known critical vulnerabilities.
According to the findings, the Food and Drug Administration (FDA) and the Cybersecurity and Infrastructure Security Agency (CISA) have developed an agreement on practices to protect the cybersecurity of medical devices that will not be renewed for five years. Not yet.
“Yes, you are emphasizing that you have defined common goals. You have worked to bridge the gaps between organizations. You have defined some of the leaders who will be held accountable within our organization. But what you haven’t done is ensure accountability or identify the relevant participants that are highlighted in the agreement,” Franks said of the need for an update. “What this really helps agencies do is better monitor, assess, and even communicate their progress in the short and long term, so if a vulnerability does occur, where do they get the information?” , who will be in charge of that information?’
In response, the federal agency agreed with the recommendation and said it was working on an update.
Video: 7 steps U.S. businesses can take to prevent cyberattacks
This browser does not support the video element.