The healthcare technology industry has yet to develop a full understanding of the cybersecurity landscape and has a narrow view of its potential vulnerabilities, according to an AAMI news release on the Cyber Security Summit 2017 in Minneapolis, Minnesota.
“You are not an online shoe store,” cybersecurity researcher Billy Rios told attendees Monday at a half-day session focused on “future-proofing” medical device security. By that statement, Rios – the founder of WhiteScope, a security consulting business – meant that the implications of a cybersecurity attack for health care are far more serious than a breach of a retail business. Therefore, leaders in health care must set and follow much higher cybersecurity expectations.
“A patient could get hurt or killed,” he said.
These experts suggested there is a lack of foresight on the part of both the healthcare technology industry and healthcare delivery organizations (HDOs). Medical device makers are struggling to keep up with ever-more-sophisticated attacks, while HDOs view cybersecurity threats primarily through the lens of safeguarding patient data, a focus that results from the fact that they can face hefty federal penalties if such breaches occur. Yet that emphasis, Rios and others said, can come at the expense of preparing for cyberattacks that could render medical devices useless or bring down entire systems – irrespective of any potential breach of patient data.
“Probably the largest deficiency is not understanding what the threat is,” Rios said.
Visit AAMI.org to read the complete news release.