Imaging, IoT, and Cybersecurity: A Brave New World

May 17, 2019
There are plenty of innovations that can improve the quality of in-patient care, but their ability to communicate over internal computer networks has introduced new vulnerabilities to cyberattacks

There are plenty of innovations that can improve the quality of in-patient care, but their ability to communicate over internal computer networks has introduced new vulnerabilities to cyberattacks

I recently had a conversation with a former colleague from the early days of the vendor neutral archive (VNA) who has subsequently gotten involved with cybersecurity. This led to some interesting discussion of the complications and vulnerabilities of imaging devices within healthcare that exemplify the complexities of dealing with cybersecurity.

Security professionals are used to protecting email servers, different databases, laptops and other mobile devices, but according to my discussions when it comes to securing medical devices, they may lack the visibility and understanding of how such devices operate. Hackers are increasingly targeting healthcare providers because of the high price they can command for sensitive patient data and for the recent success from ransomware attacks. 

Current cyber-attack initiatives more than likely emphasize known devices, whereas there may be hundreds or thousands of other connected medical devices, such as patient monitors, IV pumps, MRI scanners, infusions pumps, and ventilators that are connected to hospital networks to improve the quality and efficiency of delivering medical care. Although all of these innovations can improve the quality of in-patient care, their ability to communicate over internal computer networks has introduced new vulnerabilities to cyberattacks.  And, we have probably only scratched the surface in terms of additional devices, as Internet of Things (IoT) proliferate. 

For example, the application of RFID (radio-frequency identification) devices that might interact with patients or supplies will greatly expand connectivity.  In addition, there may be considerable patient data such as images on smart devices, such as in dermatology or orthopedics that may interact wirelessly with electronic health record (EHR) systems.  Might these devices be just as vulnerable as the more traditional devices?

Securing all of these medical devices using traditional IT or even generic IoT cybersecurity approaches isn’t good enough.  Security professionals need to take into account the medical context of the device communications including the role of the devices in the medical workflows to apply the necessary controls to ensure patient safety and protect sensitive data.  According to Dr. John Halamka, executive director, health technology exploration center, Beth Israel Lahey Health, “IoT means Internet of Targets.  It's clear that medical devices on internet connected networks are one of healthcare's greatest vulnerabilities.”

One such company focused on a better way to address device security is Cynerio, an outgrowth of Israeli security concerns.  Cynerio provides a unique network-based platform that gives security leaders control over the security of their connected medical devices, and enables them to respond rapidly and effectively to incidents to ensure patient safety and data protection.

Oftentimes in larger healthcare organizations there may be some separation between IT and bio-engineering services. Many medical devices are likely managed by bio-engineering, and they may or may not be visible or accountable to IT. These are the devices that may be increasingly vulnerable to cyber-attacks. Having a capability such as that provided by Cynerio to be able to see these devices on the network provides a better chance of catching an attack.  Many of these devices are likewise more vulnerable to an attack as they are likely operating on older versions of operating systems, and may or may not have network security tools as part of their application. 

Having a mechanism that can detect malicious activity with these devices that doesn’t interfere with their operation will be essential to preventing or intercepting cyber-attacks.  Larger healthcare providers most likely have more resources to address cyber-security.  Smaller providers, imaging centers, and services with imaging services such as orthopedic centers may have fewer resources and ability to prevent such attacks, and are therefore potentially more vulnerable.  The availability of tools that can protect a range of devices without requiring individual device vendor software changes could significantly reduce cyber-threats. 

Image sharing is a key part of healthcare operations, and hence may present even greater vulnerability.  This may be particularly true with the advent of cloud-based applications that are replacing CD/DVD based image sharing applications.  Newer viewing technologies employing server-side rendering may likewise deter cyber threats to image display, as they retain all the image information on the server, and not on individual devices that might be vulnerable.

It’s a brave new world out there!  IT and bio-engineering are going to need all the tools they can get to assure the security of their operations as more and more data is handled electronically.

Sponsored Recommendations

TEST: Ask the Expert: Is Your Patients' Understanding Putting You at Risk?

Effective health literacy in healthcare is essential for ensuring informed consent, reducing medical malpractice risks, and enhancing patient-provider communication. Unfortunately...

From Strategy to Action: The Power of Enterprise Value-Based Care

Ever wonder why your meticulously planned value-based care model hasn't moved beyond the concept stage? You're not alone! Transition from theory to practice with enterprise value...

State of the Market: Transforming Healthcare; Strategies for Building a Resilient and Adaptive Workforce

The U.S. healthcare system is facing critical challenges, including workforce shortages, high turnover, and regulatory pressures. This guide highlights the vital role of technology...

How AI-Native Locating Intelligence Revolutionizes the RTLS market

Discover how leveraging an RTLS solution with artificial intelligence as the location engine can increase efficiency, improve safety, and elevate care without the compromises ...