This website requires certain cookies to work and uses other cookies to help you have the best experience. By visiting this website, certain cookies have already been set, which you may delete and block. By closing this message or continuing to use our site, you agree to the use of cookies. Visit our updated privacy and cookie policy to learn more.
This Website Uses Cookies By closing this message or continuing to use our site, you agree to our cookie policy. Learn MoreThis website requires certain cookies to work and uses other cookies to help you have the best experience. By visiting this website, certain cookies have already been set, which you may delete and block. By closing this message or continuing to use our site, you agree to the use of cookies. Visit our updated privacy and cookie policy to learn more.
Healthcare delivery organizations must approach the security of their internet-connected medical devices more urgently than ever — attackers are honing in on this often-vulnerable equipment (and the lucrative data it holds) with increasing sophistication. Indicators from the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) show that healthcare data breaches have more than tripled over the past decade. Just last year alone, 50 million individuals in the U.S. (or about 1 in 6 Americans) were tied to a healthcare data breach. Given this ever-more-ominous threat landscape, attacks exploiting medical device vulnerabilities to infiltrate networks and expose patient data — or even interrupt patient care — are now a top concern among healthcare organizations’ IT leaders.
But sooner or later, those leaders face a strategic quandary: when should medical devices with known security flaws be replaced, and when is a change unnecessary? Thorough risk assessments are the key to informing this decision-making process. The work of procuring new medical devices is time and resource intensive. Purchasing new devices (which might not be necessary to do) also puts direct pressure on budgets. For these reasons, healthcare IT decision-makers should seek to keep existing devices in place whenever possible. Only when a device represents a high risk — and there is no patch or fix available — should a (likely expensive) replacement be considered.