This is becoming more important with the adoption of EHR Stage 2 by six of ten hospitals, where a patient’s arrival at the emergency room generates an automatic notification to his/her physician, allowing other information, such as allergies or special conditions, to be communicated back. For the patient it may lead to identity theft for the device manufacturer it can mean a disastrous loss of business. Layer 2: Secure data connectionsĪ hack may do nothing more than copy information - but if the information gets out, it’s a breach of patient confidentiality. Regardless of the hacker’s black-hat skills, if he’s not on the list, he’s not getting in. This first layer of security is guarded by blacklisting and whitelisting: to connect to a device, the connecting machine must be explicitly approved by the systems administrator. Many hospitals are using remote access software that’s already HIPAA-certified, like TeamViewer. Recently, testing discovered an insulin pump used by 114,000 patients could theoretically be compromised, and the dose changed by a hacker with malicious intent.
Radiation therapy machines where dosage is within narrow parameters. Patient monitors that report back vital signs to physicians. Layer 1: Physical device securityĬan it be hacked? From the smallest electronic health record (EHR) database to the latest MRI scanner, any device that collects patient information needs to comply with HIPAA’s rules on patient privacy.īecause today, a host of medical devices are connected to other equipment in a way they weren’t just a decade ago. Here are some of the threats to look out for, with advice on how remote access software can foil them. Over 100 major breaches were reported in 2016, and those are just the big ones. Sad to say, there are criminals who put patients’ data-and therefore their lives-at risk by compromising the medical devices you sell.
So paying attention to protected health information (PHI) isn’t optional. The FDA approval process now also covers cybersecurity. And while not all medical devices are as mission-critical as implantable cardiac transmitters, they still need to be compliant with the Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH). In our connected world, if it’s technological, it’s hackable.
0 kommentar(er)
