From the May 2017 issue of HealthCare Business News magazine
Kevin Fu, a leader in the field of medical device security, will deliver the annual Dwight E. Harken Lecture during the AAMI 2017 Conference & Expo in Austin, Texas, which is scheduled for June 9–12.
Fu is CEO and chief scientist of Virta Labs, Inc., and an associate professor at the University of Michigan where he directs the Archimedes Center for Medical Device Security and the Security and Privacy Research Group.
Virta Labs helps hospitals manage cybersecurity risk for safety-critical inventory on clinical networks.
In hospitals it would be difficult to find medical device technology that does not critically depend on computer software. Network connectivity and wireless communication have transformed the delivery of patient care. But connectivity comes at a price — vulnerability to hackers, viruses and other malware.
Since federal regulators began tracking major health data breaches, more than 1,700 incidents impacting nearly 170 million people have been posted to the Department of Health and Human Services Office of Civil Rights’ breach portal. More than 90 hacking incidents were reported in 2016 alone.
“I think things will continue to get worse before they get better simply because there’s a lag time between deploying compensating controls and seeing improved outcomes. In 2017, health care delivery organizations will continue to struggle to maintain the security of their clinical networks and medical devices because of the number of legacy devices out there,” Fu predicted. “Most medical devices were not designed with security in mind, and we’re still trying to catch up.”
During his presentation, Fu plans to probe the risks, benefits and regulatory issues for medical device cybersecurity and provide insight into the development of trustworthy medical device software.
“I hope that people will come out of my presentation with a less sensational view of the issues and a more optimistic view of the future of medical device security,” Fu said. “It’s not about eliminating risk, but about controlling and managing risk. It can be done — it’s not impossible.”