by Lauren Dubinsky
, Senior Reporter | May 08, 2017
From the May 2017 issue of HealthCare Business News magazine
Eighty-eight percent of last year’s ransomware attacks were directed at the health care industry, according to a report by cybersecurity company NTTSecurity.
The FDA believes that the solution involves a collaborative effort among medical device manufacturers, hospitals, other health care facilities, health care IT technicians and biomedical engineers.
In a statement from June 2013, the agency recommended that steps be taken to assure safeguards are in place to reduce the risk of cyberattacks. In December 2016, the FDA released recommendations on managing post-market cybersecurity vulnerabilities for medical devices throughout the product life cycle.
Special-Pricing Available on Medical Displays, Patient Monitors, Recorders, Printers, Media, Ultrasound Machines, and Cameras.This includes Top Brands such as SONY, BARCO, NDS, NEC, LG, EDAN, EIZO, ELO, FSN, PANASONIC, MITSUBISHI, OLYMPUS, & WIDE.
But what role do biomedical engineers, also known as health technology management professionals, play in keeping these devices secure? And with everything else on their plate, do they have the time?
Tim Riehm, regional vice president for clinical technology management at Sodexo, who formerly ran the in-house biomedical engineering department at Banner Health, doesn’t think so. “For the vast majority, it’s not even a thought at the top of their head because they have too many other worries and things that they’re devoting their attention to like hospital projects and the lack of staff and resources,” he says.
Hospitals are often looking to cut costs, and one of the first areas they consider is labor. The University of New Mexico Health Sciences Center in Albuquerque announced in December that it had to eliminate more than 500 positions.
“The fact that they might need an extra body in the biomedical engineering department doesn’t mean they are going to get one, even if the work requires it,” says Riehm. “If they’re reducing nurse, physician, IT and finance head counts, they’re not going to give the biomedical department an extra body.”
Because of that, hospitals are looking to independent service organizations (ISOs) to help with device security. Sodexo offers its Electronic Protected Health Information (EPHI) program and suite, which helps to identify and mitigate device security challenges.
The program records the device’s information, including the type of platform it’s on, and then conducts an assessment to determine if the device has low, medium or high vulnerability. Sodexo then works with the hospital IT department to put mediation plans in place for each device.