Over 100 California Auctions End Tomorrow 12/02 - Bid Now

Protecting legacy devices against cyberthreats

by John R. Fischer, Senior Reporter | October 13, 2021
Cyber Security Health IT HTM
From the October 2021 issue of HealthCare Business News magazine

One component of the HSCC is the Cybersecurity Working Group, which is divided into 16 smaller groups that together represent 300 healthcare organizations in different medical subsectors. One of those groups aims to address the question of how to better protect older equipment with antiquated software.

That group is called the Med-Tech Legacy Devices Task Group, and Powers is a part of it. The challenge, he says, involves figuring out what to do with current devices and how to build them better moving forward. “We’ve divided our efforts into current and future states in terms of how we deal with devices in your hospital today and how we design better stuff so in the future they don’t become legacy so fast.”

He adds that task groups need more participation from providers and clinical engineers to help develop write-out standards around cybersecurity. “It can’t be the same ten people that always volunteer and help out and need their own biases and perspectives. We need your help.”

One factor that can create tensions for device security is access to service manuals for systems. Some manufacturers will prevent the sharing of these documents with non-OEM servicers in the interest of protecting trade secrets or limiting who can service the technology. Recently, however, the FDA has stated that it does not consider the sharing of these documents to have a negative impact on cybersecurity.

The perspective was put forth as part of a little-known rule-making proceeding underway at the U.S. Copyright Office, which could exempt medical device manuals from copyright protections. If this were to happen, HTM departments might have greater access to manuals and perhaps a better vantage point to oversee the cybersecurity of the devices at their hospital.

As it is clear that cyberattacks on healthcare providers are a threat that is growing exponentially, it’s critical for service engineers to be aware of the risks posed by legacy equipment and use every tool in their kit to mitigate them.

Back to HCB News

You Must Be Logged In To Post A Comment