Today cyber attacks are more common than we think and system hijacking or ransomware is a sensitive issue that institutions, companies, and especially hospitals have put on the table to take urgent cybersecurity measures.
It has been shown that the issue of cybersecurity is growing stronger and that it is now easier to protect personal use devices connected to the internet in order to protect our sensitive personal data. For health institutions, the real issue of cybersecurity focuses on patient information and the protection of the medical equipment network, cyber attackers always look for the vulnerability of the equipment to access the network, block access to their use and all the information that is stored in the equipment to then ask for a reward in exchange for the release, this delicate information is the key to keeping the patient safe and, without that information, patients are at risk.
According to Security Boulevard, at least one in five Americans was a victim of cyberattacks in their health care last year and are worried that ransomware make the movement again and affect their care, also a third of the persons who were interviewed are thinking to switch providers.
If you want to protect your medical equipment network from ransomware, the first step to take is to have a good management system with an extended inventory of the pieces of equipment that includes equipment digital persona, data security fields (Bluetooth, USB interfaces and ePHI) and, a model control profile. By having a centralized management system, you will be able to monitor the technology that are vulnerable to this type of situation, identify the constant failures, administrate the maintenance cycle, and which equipments are affected before, during, and after a cyber attack.
Call the manufacturer: medical equipment needs patches every certain time and unlike a computer, they do not automatically download and install, so you need to ask your provider for the patches available for your equipment, this is a really hard task for the Clinical Engineering department since in a hospital there can be thousands of equipments and not all will be of the same brand or manufacturer but with the last update of “right to repair” law, clinical engineers will be able soon to get the patches from the manufacturers and install them themselves with a faster response time, the only little obstacle will be the OEM since all installations, patches, and other endpoint security solutions for medical technology need to have validation by they first.
TI department and CE department need to make a good team evaluating constantly all the medical technology and prevent every vulnerability they will found on medical equipment, update all the patches available and management maintenance cycles, protect leaks of ePHI data and always keep an eye on the alerts and in this way hackers will have no opportunity to attack the network or at least it will not be easy.
Our CMMS MediMizer has integration with ASIMILY, a smart solution for the IoMT risk management where you can correlate the data based on several parameters to enrich inventory, initiate automatic remediation of vulnerabilities detected, and plan activities.
