By Keri Forsythe-Stephens
With cyber threats growing more sophisticated by the day, healthcare facilities need strong strategies to keep medical devices secure. Yet outdated systems and poor communication continue to plague the industry, says Samantha Jacques, PhD, FACHE, AAMIF, associate vice president of clinical engineering at McLaren Health Care and a member of the Health Sector Coordinating Council (HSCC) Cybersecurity Working Group. In the following Q&A, Jacques shares what’s working, what’s not, and why collaboration—not blame—is the only path forward.
HCB News: How has the threat landscape evolved for connected medical devices, and what vulnerabilities concern you most today?

Samantha Jacques: Unfortunately, the landscape hasn’t changed much on the device/hospital side. Legacy devices still litter the environment, and manufacturers remain behind in developing and releasing medical devices with supported operating systems. Robust patching programs are few and far between. Transparent, consistent, and timely communication between manufacturers and device owners about risks and vulnerabilities is largely nonexistent.
From a broader ecosystem perspective, the threat landscape is worsening. Previously, bad actors would spend months developing their skills and refining their attacks. Now, we’re facing immature, non-technical actors leveraging AI tools to build sophisticated attack vectors—more advanced than we’ve seen—within just two to three days.
We’re also contending with increased coordination among nation-states. Overall, it’s not a pretty picture.
HCB News: As a healthcare technology management (HTM) expert, how can HTM teams best collaborate with IT and cybersecurity to reduce medical device risks?
SJ: First and most importantly: communicate. Most IT and cybersecurity teams are aligned with HTM teams in their shared goal of delivering safe and secure patient care. However, IT and cybersecurity processes—such as governance, risk, and compliance (GRC) assessments, identity management, and patching—are often not well understood by HTM teams.
Likewise, the medical device lifecycle and the limitations on patching and implementing security controls are not well understood by IT and cybersecurity teams. Building a basic understanding of these processes across departmental lines is critical. From there, teams can define hybrid roles, responsibilities, and the input each group can provide to more effectively collaborate on solutions that bridge the gap between departments.