Cybersecurity Concerns Among Top Health Tech Hazards in 2021
ECRI's Chad Waters and Juuso Leinonen Discuss Cyber-Related Safety Hazards
Third-party software component vulnerabilities in medical devices are among several cyber-related health technology hazards posing significant risks to healthcare entities and their patients, say researchers Chad Waters and Juuso Leinonen of ECRI, a not-for-profit patient safety organization.
"We've noticed a lot of vulnerability disclosures regarding third-party components that may be embedded within medical devices, including network drivers within a device and maybe the operating system," Waters says in an interview with Information Security Media Group. Properly remediating the issue is challenging, he adds.
"It is difficult for many hospitals to track all the software components that are part of all the medical devices they currently have in their inventory," Leinonen says in the joint interview. "Narrowing down how one of these generic, large-scale vulnerabilities impacts a fleet of devices in a hospital is really difficult for many organizations to manage."
Other items spotlighted in ECRI's 2021 annual list of top 10 health technology hazards also call attention to heightened cyber risks, the researchers note.
Those risks are tied to, for example, the remote operation of medical devices that were designed for bedside use, as well as telehealth applications and technologies that have been quickly adopted during COVID-19, such as medical equipment receiving emergency use authorization from the Food and Drug Administration.
Hospitals need to retroactively evaluate these technologies to determine if additional security measures are needed, Leinonen says.
In the joint interview, Leinonen and Waters also discuss:
- Other cyber-related concerns involving various healthcare technologies;
- Steps entities can take to help address the identified risks;
- Potential emerging risks in other health technologies.
Waters is a senior cybersecurity engineer in the device evaluation group at ECRI. He evaluates medical devices, develops practical guidance and device security alerts, and consults with healthcare facilities about medical technologies.
Leinonen is a senior project engineer in the device evaluation group at ECRI, where he performs comparative medical device evaluations and investigates device-related accidents.