
Prepare Now for Critical Device Security Incidents

Bracewell’s Phil Bezanson, a leading lawyer in the firm’s data security and privacy practice, contributed to Healthcare Risk Management’s analysis on how healthcare organizations should prepare to respond to medical device cyber-safety incidents and minimize the risk to patients.

With industry experts expecting the number of medical devices per hospital bed to triple in the next five to 10 years, Bezanson noted that healthcare providers need to act now to provide safe and effective patient care.

“That is a ton of equipment, and each item needs to have its own mini-playbook for responding to a compromise. You have to know if the problem is with just this one device, or is every one just like it at risk,” said Bezanson. “What is the risk? Is it just a data collection risk, or is it a functionality risk where there can be real harm to a patient?”

The risk might be greatest for hospitals that did not employ the internal resources to address previous cybersecurity threats and had to outsource the efforts to protect networks from data breaches, noted Bezanson. Without a strong internal team with experience in protecting the hospital’s network, they might face a bigger challenge in taking a proactive approach to medical device security.

Risk managers should view a medical device security response plan as similar to other disaster response plans. When a natural disaster strikes the hospital, a plan is activated immediately and various people will know their roles. The same sort of response should trigger when a medical device is compromised.

“We’ve reached the stage where things move so quickly that you may have to make decisions very quickly about pulling devices offline and taking other steps,” added Bezanson. “You won’t have the time to pull a binder off the shelf and see what you’re supposed to do. You have to have a team that already knows.”
