Introduction
In the contemporary world of rapidly developing technologies, science and medicine advance quickly powered by technological innovations expanding the potential of contemporary healthcare employees and facilities. However, alongside the evolving technologies, the threats they bring about development and growth as well. In particular, one of the most widely known issues that came about as soon as technologies gained impact in the world was cybersecurity.
Security threats exist in every professional sphere were cyber technologies, and the Internet is used. In healthcare, cyberattacks, the breach of data security, and lost information can lead to extremely adverse consequences. As a result, cybersecurity threats in healthcare need to be addressed as soon as they emerge. In particular, currently, there exists one significant threat to the security of medical devices whose connectivity has been expanding over the last decades. The breach of medical device security can lead to the loss of vital data, personal records of the patients, and the flawed operation of the devices, leaving patients the ultimate victims of such cyberattacks.
The rationale for Choosing the Topic
The level and quality of security of embedded medical devices, as well as many computers used in the healthcare settings, has been known to be lax for quite some time. As a result, the information that is particularly sensitive to cyberattacks and the data that, if stolen or changed, can do a lot of harm to the patients has been particularly vulnerable. Moreover, the news of cyberattacks hitting medical devices and exposing patients to risks has been an occurring phenomenon throughout the last decade (Fu & Blum, 2013).
Such attacks can be different – targeting a separate group of patients, disrupting the work of a certain kind of software, or paralyzing the systems and taking them hostage until the organizations provide the money demanded by the hackers (Coronado & Wong, 2014). Each of these types of attacks can lead to deaths of patients and the creation of a serious threat to their personal data.
As a result, the discussion of this issue that involved the provision of detailed information on the severity and significance of the problems that may result from the weak medical device security is necessary today. Moreover, such a discussion could help raise awareness among medical professionals about the measures that have to be taken in order to ensure safer cyberspace in their medical settings. The creation of and the engagement into such discussion are the major rationales behind the choice of this subject.
Currently, the FDA is the agency that is responsible for the provision and monitoring of cybersecurity of medical organizations and facilities; however, according to the latest data, due to the rapid shifts and changes in the technological aspects of the operations of such establishments, a set of new threats is now facing healthcare (Williams & Woodward, 2015). In that way, even though cyber threats are recognized as one of the most serious problems in modern healthcare, a plan as to how it should be addressed in still required (FDA, 2016).
The problem is complicated by the fact that the current medical settings involve a wide variety of professional devices fulfilling different tasks and purposes. In particular, there exist devices that monitor patients’ vital signs in real-time, pumps that must administer carefully calculated doses of medications, personal medical devices such as pacemakers, large servers maintaining the operation of entire facilities, and storages of patients’ electronic medical records, to name a few.
All of these devices require different kinds of software and applications in order to function properly. In turn, the software installed on these devices must answer their corresponding system properties, as well as be stable, resilient, and have a robust security (Fu & Blum, 2015). Also, the personnel operating such devices must be fully aware of how they are connected with other devices in the network and what potential threats to their security exist.
How It Can Impact Practice (Pros and Cons)
In addition, it has been specified several times that the lacking safety of medical devices and their exposure to a variety of cyber threats pose many risks to the patients, their health, and their personal information. However, in addition to this obvious risk, the weak cybersecurity in medical settings is a danger to the personnel. Practically, medical organizations and their staff are legally obliged to protect the information and safety of their patients. As a result, in a case, if a cyberattack takes places creating damage to the patients, the staff and organizations will be viewed as the ones guilty of not taking the appropriate care of their safety measures.
Moreover, these days, the vast majority of the US medical organizations and facilities of various kinds have become victims of hackers and their cyberattacks. In particular, as reported by Williams and Woodward (2015), as many as 94% of healthcare organizations have suffered the impact of cyberattacks over the last years. This statistics and frightening and may contribute to the loss of trust from the side of the patients and their reluctance towards visiting medical facilities.
Also, it is important to mention that just like the introduction of the new equipment requires training of the employees to be able to operate it, the addition of the new instruction regarding the maintenance of cybersecurity will also need education for the practitioners. In turn, these measures will take the employees’ working hours and prevent them from fulfilling their original duties to the fullest for some time. The liabilities, as well as the need for education and training, are two of the significant cons of the issue of medical device cybersecurity.
At the same time, the increased safety of healthcare settings that will be established once a new plan regarding cybersecurity is implemented will be a massively important positive aspect of the issue. Also, it is important to keep in mind that technologies are a field that develops very quickly and as soon as new technologies appear to increase the effectiveness of healthcare facilities and procedures, a set of new threats to their security also emerges. As a result, developing new skills of operating complex devices and training to maintain their safety will become an additional part of the lifelong learning journey of medical professionals operation in the contemporary world.
Informatics Skills Used Developing this Assignment
Working on this assignment and researching the selected issue of medical device cybersecurity, it was important to learn about the connections that exist between medical devices in healthcare settings and how such connections may expose different sets of devices of security risks.
For instance, in order to be able to process and comprehend the seriousness of cyber threats, a significant body of knowledge had to be collected about different kinds of networks that are used in healthcare facilities. In particular, there are private networks between smaller groups of devices, there are networks that collect data continuously (such as those that include patients’ bedside monitors), and the ones that collect and transfer data periodically (such as mobile vitals devices).
In addition, the OR equipment is also connected and monitored via a management console. Moreover, multiple serves and gateways using different types of connection can be used in one system. Also, many hospital networks differ from one another depending on their sizes and structure – and thus have different cybersecurity needs, strengths, and weaknesses. In that way, cybersecurity will differ from one organization to another even if there are standardized rules and requirements established by the FDA.
Conclusion and Recommendations
Knowing that cybersecurity is a very serious threat that creates significant risks for the patients, staff, and organizations in general, healthcare authorities and the leaders of individual facilities have to start addressing the risks right away and ensure that their staff members are well-aware of how the facility network is built and how different devices are connected with one another. It is possible for the facilities to start sending their staff to various classes and conferences where experts in informatics and cybersecurity would talk about how security is breached and what the consequences would be.
Also, it may be necessary to engage more IT professionals in the current healthcare field in order to test and existing systems and find their potential weak spots. Finally, a detailed internal research may be required in order for the organizations to see what kind of attacks are the most common, how they work, and what can be done to prevent them.
References
Coronado, A. J., & Wong, T. L. (2014). Healthcare cybersecurity risk management: Keys to an effective plan. Cybersecurity in Healthcare, 48(1), 26-30.
FDA (2016). Postmarket management of cybersecurity in medical devices. Web.
Fu, K., & Blum, J. (2015). Controlling for cybersecurity risks of medical device software. Cybersecurity in Healthcare, 48(1), 38-41.
Williams, P. A., & Woodward, A. J. (2015). Cybersecurity vulnerabilities in medical devices: A complex environment and multifaceted problem. Medical Devices (Auckland), 8, 305-316.