From the January/February issue of HealthCare Business News magazine
Many IoMT devices interact with the physical world in ways conventional IT devices do not. Infusion pumps regulate the delivery of life sustaining medication. Implanted cardioverter defibrillators deliver electrical shocks and restore the heart to normal rhythms. Hackers have demonstrated vulnerabilities in these types of devices increasing dosages or manipulating shocks that result in sudden death. While these examples are extreme, it is clear that interfering with the stated performance of IoMT devices negatively impacts the quality of patient care and increases the financial risk to the provider.
What is being considered the first cybersecurity death resulting from a hack occurred last September at Dusseldorf University Clinic in Germany. A woman with a life-threatening condition was unable to be admitted to the hospital because hackers had locked down their systems with ransomware. The nearest facility was 32km away and she died in transport.
Numed, a well established company in business since 1975 provides a wide range of service options including time & material service, PM only contracts, full service contracts, labor only contracts & system relocation. Call 800 96 Numed for more info.
Most organizations are still managing legacy medical devices as a cost center, a necessary evil, which focuses on maintenance and repair. This is a reactive firefighting approach relying on unintegrated point solutions, spanning multiple departments, that are not designed to positively impact patient experience and safety. The HTM business unit’s transition to customer-focused service and operational efficiency needs to consider the total life cycle and integration of various departments: Clinical Engineering, Finance, Information Technology, Information Security, Compliance, Procurement and Legal.
Risks surrounding medical devices will not magically disappear. The extent to which they are reduced will be a result of deliberate and integrated multi-stakeholder participation. Clinical Engineering, once considered “the team in the basement fixing things”, has recently taken a more active role in this transition. COVID-19 has given HTM and Clinical Engineering a seat at the Emergency Planning table and a platform to establish visibility. Therefore, progressive HDOs are increasing collaboration, implementing a device security plan, exploring leading-edge solutions, and leveraging additional resources in an effort to solve this problem.
Within most hospitals, governance to align cybersecurity between these various departments has not been operationalized. Each department looks at their responsibilities independent of the others. Early adopters on the bell curve are integrating two categories of software solutions to operationalize new organizational workflows in an effort to reduce the risks associated with this problem: Medical Device Security (MDS) and Computerized Materials Management System (CMMS) solutions.