Medical device cybersecurity: A three-part plan for getting started

Doug Folsom

The situation is a cybercriminal’s favourite. Medical devices such as MRI scanners and infusion pumps are increasingly being connected to hospital networks, yet it can be unclear who is responsible for maintaining those devices’ security.

Is cybersecurity the responsibility of clinical engineering? Or is it the responsibility of information technology? Years ago, the lines were clear: Clinical engineering (CE) managed medical equipment, and information technology (IT) managed the network and the data flowing through it.

But once we began connecting medical equipment to the network and sharing data over the internet, the lines of oversight and responsibility blurred. Widening the grey area further are other types of connected devices. Is a refrigerator used to store COVID-19 vaccines considered a medical device?

Hospitals now may lack consistency and...

