The stunning news that a California hospital paid ransom to regain control of its computer systems after a malware attack serves as a stark reminder that healthcare facilities need to take a focused and strategic approach to cybersecurity – and AAMI has the resources to help.
In February, Hollywood Presbyterian Medical Center paid nearly $17,000 in ransom to take back access to its electronic records, including sensitive patient data, after a hacking attack that is now under investigation by the FBI. The network had been shut down for about a week, affecting everything from electronic health records to networked medical devices.
“The malware locks systems by encrypting files and demanding ransom to obtain the decryption key,” the hospital’s chief executive, Allen Stefanek, said in a statement. “The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key. In the best interest of restoring normal operations, we did this.”
Based on federal records, hundreds of cybersecurity breaches have been reported by healthcare institutions, including medical providers, insurers, and hospitals. This includes a Texas facility that went down for a week in early 2016 due to ransomware, and a Florida hospital that was the victim of a similar attack in September 2015.
“The best approach to cybersecurity, for both healthcare delivery organizations and device manufacturers, is a proactive one,” said Mary Logan, president of AAMI. “What we’ve heard from security experts time and time again is that you can’t add on cybersecurity after the fact, you have to build it in – to devices, systems, and the culture of an organization. If you don’t invest in protecting your network up front, you will pay for it later.”
AAMI has developed a number of resources to assist healthcare manufacturers and healthcare delivery organizations with identifying and mitigating cybersecurity issues:
• Horizons – Cybersecurity in Healthcare: What You Need to Know. This issue of Horizons addresses issues fundamental to cybersecurity, reports on key trends, and offers insights on protecting medical devices and technology from cyberthreats.
• ANSI/AAMI/IEC 80001-1.This national standard focuses on risk management for IT networks that incorporate medical devices. It defines responsibilities for medical device manufacturers, IT developers, and those engaged in installing, using, reconfiguring, maintaining, and decommissioning IT networks.
• BI&T cover story – “Is Your Patient Data Secure?” This article addresses cybersecurity threats hospitals face and highlights the role healthcare technology management professionals play in assessing risk and securing network architecture.
• FAQs for the Wireless Challenge in Healthcare. This complimentary resource is intended to help healthcare technology, information technology, and facilities management professionals understand how to best use, manage, and secure wireless technologies in healthcare settings.
All of the resources are available from the AAMI website, www.aami.org.
AAMI Report Takes Hard Look at Medical Device Sustainability
Suppliers, manufacturers, distributors, and other healthcare technology professionals all have a responsibility to reduce potential negative impacts on the environment when making decisions involving the development and use of medical devices, according to a technical information report (TIR) released by AAMI. The report does not try to define what sustainable practices look like for each group of stakeholders, but instead provides general guidance for how organizations can reduce their environmental footprint and be better global citizens when it comes to medical technology.
The document, AAMI TIR65:2015, Sustainability of Medical Devices – Elements of a Responsible Product Life Cycle, is a first for AAMI in viewing healthcare technology through the prism of responsible environmental and social stewardship across the entire life cycle of a device.
Environmental considerations relate to reducing waste and embracing “green” practices. Social considerations refer to fair labor and business practices.
“TIR65 describes how the product life cycle can be designed so as to ensure medical devices ‘do no harm,” said Ramé Hemstreet, vice president of operations and chief sustainable resources officer for National Facilities Services of Kaiser Permanente and co-chair of AAMI’s Sustainability Committee, which authored the report. “It’s important to know that the device that may save your life isn’t unintentionally and unnecessarily contributing to the environmental and social factors that can be detrimental to human health.”
The majority of the report focuses on environmental sustainability. According to the committee, although medical device manufacturers play the largest role in determining the environmental impact of their products, organizations that purchase and/or use those devices make choices that also can affect how they impact the environment.
For manufacturers, environmental factors that should be taken into consideration include:
• Product and packaging design
• Raw material selection
• Use of recycled materials
• Manufacturing practices
• Resource management, such as decisions related to energy use, air quality, and water
• Distribution practices
For users and purchasers, decisions that affect a device’s environmental impact include those relating to:
• The original selection and acquisition
• Routine maintenance and repair
• Medical gas usage
• The question of single use versus reprocessing
• Recycling, refurbishment, or donation
“TIR65 should begin a dialogue as to how to best reduce the impact of manufacturing, packaging, shipping, utilizing, and disposing of medical devices,” Hemstreet said. “I hope the TIR helps raise the visibility of these considerations, and in some cases, even causes tangible actions to occur.”
The report builds on the AAMI Sustainability Committee’s 2013 white paper, Elements of a Responsible Product Life Cycle, and reflects a collaborative effort involving device manufacturers, healthcare providers, professional organizations, and sustainability advocates.
TIR65 can be ordered from the AAMI Store, www.aami.org/store.
High School Students Shine in AAMI Essay Contest on Healthcare Technology
This past fall, AAMI challenged high school students from across the country to describe a healthcare technology of the future and how it would improve patient care. More than 250 essays were submitted, and three were selected as winners by members of AAMI’s Technology Management Council (TMC).
When evaluating the ideas submitted by students, members of the TMC were not considering whether they might be products in development at leading manufacturers. Rather, TMC members were assessing the creativity of the students.
The TMC awarded top honors to Stanley Rozentsvit, a junior at Leon M. Goldstein High School for the Sciences in Brooklyn, New York. Rozentsvit’s prize-winning essay focused on a device that would help doctors diagnose illnesses such as cancer or coronary artery disease earlier by detecting biomarkers in the blood.
“The key to detecting biomarkers at the beginning of a disease is a device that senses and distinguishes between blood protein levels transcutaneously, or through the skin. A system like this would eliminate the need for a patient to visit a doctor for a biomarker blood test because the device could be worn at all times, sensing protein elevations in vivo,” Rozentsvit wrote.
Katie Karmin, a junior at North Shore Country Day School in Winnetka, Illinois, was selected as the second-place winner, and third place was awarded to Alicia M. McMahon, a junior at Tamalpais High School in Mill Valley, California.
AAMI President Mary Logan commended all of those who participated.
“Thank you to all of the students who submitted an essay for this contest, and congratulations to Stanley, Katie, and Alicia,” she said. “It is by encouraging young people to think about new ways to solve the problems we are facing in healthcare today that the future of medical technology will be built.”
For more information, please visit www.aami.org.
