Blog

The business case for end-to-end cybersecurity – from medical devices to hospital infrastructure

April 29, 2021 Peter Myler
The business case for end-to-end cybersecurity – from medical devices to hospital infrastructure

Digital health has been catapulted to the fore as we look to continue delivering healthcare efficiently during the pandemic, and the implications for medical cybersecurity moving forward are huge. Connectivity is now a prerequisite for in-hospital medical devices, and the benefits that come with that are significant; but there are risks, too.

As healthcare becomes more connected, it also becomes a more attractive target for the kinds of cybersecurity attacks that have long plagued other ‘connected’ industries.

It’s not just the prize of patient data, health records, or access to critical infrastructure that makes healthcare a tempting target for malicious hackers but also the fact that most healthcare facilities and organizations simply aren’t equipped to ward off attacks. 

So, what steps can medical device companies take to harness the benefits of connectivity while mitigating the associated cybersecurity risks? And how can they ensure devices remain safe not just now, but long into the future? 

To answer those questions, our Product Innovation Manager, John O’Gorman, speaks with cybersecurity expert Ken Hoyme, Senior Fellow in Product Security at Boston Scientific.

They delve into why cybersecurity considerations must underpin in-hospital connectivity at every stage of the process, from device and infrastructure development to long-term management and support, as well as the risks and regulations medtech companies should be aware of. 

The business case for end-to-end cybersecurity – from medical devices to hospital infrastructure S3


In our second episode, John and Ken discuss:

    • Why cybersecurity for in-hospital medical devices cannot be an afterthought and instead must be baked in from the beginning (00:44)
    • How medical device companies can ensure cybersecurity underpins every step in the development process (1:32)
    • Key cybersecurity regulations – including TIR57 – and how these are changing (2:39)
    • What the core cybersecurity considerations for medtech should be, including device set-up, system integration, and EHR integration (5:04)
    • The risks associated with poorly secured medical devices and systems, including the potential risk of patient harm, data theft or manipulation, and financial backlash on hospitals (8:55)
  • Challenges medical device companies may come up against in their cybersecurity journey, including the speed of issuing security patches, remote software updates, cloud configuration, and clinician reluctance (11:28)
  • How healthcare organizations can seamlessly secure their devices and services without interfering with clinicians’ work (15:35)

 

whitepaper-device-companies-create-end-to-end-connectivity-in-hospital-devicesFor information on how medical device companies can create secure, scalable connectivity for capital equipment in the hospital environment, download our latest whitepaper:

'How medical device companies can create end-to-end connectivity for in-hospital equipment'