Out of Sight, Out of Control: Uncovering Hidden Data Security Risks of Connected Medical Devices

Out of Sight, Out of Control: Uncovering Hidden Data Security Risks of Connected Medical Devices

April 11, 2011
Earl Reber
From the April 2011 issue of HealthCare Business News magazine
This report originally appeared in the April 2011 issue of DOTmed Business News

By Earl Reber

The smartphone that keeps you connected to the office while you’re away? It’s helpful for productivity, but could be carrying a virus that may infect every single device connected to your health system’s network. This situation’s frequent occurrence reveals a collective failure in electronic data protection as it relates to connected medical devices. And it doesn’t just affect your organization’s IT department – an infected network could mean data loss, patient misdiagnosis, hefty financial penalties or even jail time. It’s absolutely crucial that you understand the hidden risks to help safeguard your network.

The common culprit
While every hospital or health system has some level of security protection for its networks, the most common security-related blind spot is software-driven or wireless devices connected to the network. From iPhones to surgical lights, CT scanners, IV pumps and smart beds, any device transmitting data to a network is a potential target or launch pad for security breaches if left unprotected. These breaches are often difficult to identify because many times, no one is keeping track of these devices.

New & Refurbished C-Arm Systems. Call 702.384.0085 Today!

Quest Imaging Solutions provides all major brands of surgical c-arms (new and refurbished) and carries a large inventory for purchase or rent. With over 20 years in the medical equipment business we can help you fulfill your equipment needs



And worse than a compromised network is the potential risk to patients a security breach may cause. It’s one thing for a CT scanner to be down; it’s another if that CT scanner has been impacted in a way that delivers an abnormally high dose of radiation (which really happened). Every device reacts differently when compromised.

Data security “Neverland”
Who at the hospital is responsible for addressing these network security risks? On one side we have biomedical engineers taking care of medical devices. On the other side we have the IT department that takes care of computers, smartphones and the network infrastructure. Neither side is completely equipped to deal with device security risks, and between them, there’s a “neverland” of finger-pointing over software-enabled or wireless devices that could take down both sides.

Taking steps toward security
If your organization has some improvement to do in the area of data security, knowing where to start can seem overwhelming. The following four items will help you begin to explore these issues deeply and work toward a long-term solution, as opposed to applying a Band-Aid. If you feel you can’t afford the time or resources to address these issues, listen:, you can’t afford not to. Here are a few easy steps to consider when addressing the possibility of network security breaches.

You Must Be Logged In To Post A Comment