ProSource360 believes that protecting network medical devices is an essential component of patient safety issues above and beyond the FDA’s efforts and recommendations that manufacturers consider controls such as limiting access to devices via authentication features, using layered authorization models based on specific user needs, and implementing methods for retention and recovery of device configuration by authenticated users.
It is incumbent that medical facilities ensure formal hazard analysis of the risks associated with devices include information technology i.e. software vulnerabilities be considered as a standard manner in which to manage medical devices used within their facilities. Cyber security risks have to be addressed via a formal and methodical approach. Failure to heed the recommendations on the implementation of appropriate controls or documentation of those controls could result in endangering patients, and harming the risk associated with practicing modern medicine. Effective cybersecurity management is intended to reduce the risk to patients by decreasing the likelihood that device functionality is intentionally or unintentionally compromised by inadequate cybersecurity.
Key challenges in Medical Device Management in 2015:
- Alarm hazards: Inadequate alarm configuration policies and practices
- Data integrity: Incorrect or missing data in EHRs & associated health IT systems
- Mix-up of IV lines leading to misadministration of drugs and solutions
- Inadequate reprocessing of endoscopes and surgical instruments (maintenance)
- Ventilator disconnections not caught because of mis-set or missed alarms
- Patient-handling device use errors and device failures
- “Dose creep”: Unnoticed variations in diagnostic radiation exposures
- Robotic surgery: Complications due to insufficient training
- Cybersecurity: Insufficient protections for medical devices and systems
- Overwhelmed recall and safety alert management programs