Medical Device Security in an Increasingly Connected World

By Jimmy Diaz, Information Security Manager

One area of diagnostic imaging that has emerged in recent years and very few have the technical expertise with is cybersecurity. Security threats in the medical community are growing in frequency and severity. And as technology becomes more complex, the ways to secure your facility’s equipment and your patients’ data has become more complex as well.

Many medical devices, which includes modalities used for diagnostic imaging, are connected today to hospital networks. These connections provide tremendous benefits for patients and healthcare workers, but they also provide a way for malicious actors to gain access to the medical devices and the networks they are connected to.

At Numed, we have been preparing for this new, uncharted world for years. And in partnership with our clients, we work together to utilize security best practices that help mitigate the risks of these threats.

Numed’s partnerships in the area of data privacy protect our client’s data by utilizing safeguards such as access controls and encryption. Our objective is to effectively and practically protect all diagnostic imaging devices for our clients.

The Challenges

Legacy systems present cybersecurity challenges, as modalities such as Nuclear Medicine, MRI and CT equipment often run on older systems making it more difficult to address potential vulnerabilities. Sometimes operating systems cease to be supported soon after a medical device reaches the market, and, as a result, maintenance activities such as security patches are no longer feasible or possible. Updating to a more advanced operating system often is far more expensive than the legacy systems.

Even when certain diagnostic imaging equipment is not being deliberately targeted, these medical devices are connected to the facility network, and may be impacted.

The Solutions

With advances in technology, networking equipment such as next generation firewalls provide advanced features that help with security. The ability to increase data encryption on network equipment, deploying firewalls and network segmentation helps to secure information for Numed’s clients and their patients.

Proper visibility into connected devices and their ecosystem is critical. Once we have visibility, understanding the risk that each of these devices poses and taking necessary proactive measures to minimize this risk, such as network segmentation, is crucial. Strengthening password requirements also helps reduce risks.

The Future

Cybersecurity for medical devices has continued to make progress. The Food and Drug Administration (FDA), the Department of Health and Human Services (HHS) and device manufacturers are more active than ever. But securing diagnostic imaging equipment from cybersecurity threats cannot be achieved by one government agency alone. Every stakeholder—manufacturers, medical facilities, healthcare providers, cybersecurity researchers and government entities – all have a unique role to play in addressing these evolving challenges.

The industry is moving in the right direction. Healthcare providers in hospitals are starting to include cybersecurity requirements in their procurement processes. Some are no longer depending on the manufacturers and instead actively looking for dedicated device security solutions.

At Numed, protecting patients by fully addressing emerging cybersecurity threats is a top priority. Learn more about who we are, and how we’ve been helping our clients for 45 years, here.