How Biomed Techs Can Contribute to Cybersecurity
Connected healthcare devices that interface with other equipment and EHR help minimize preventable errors that compromise compliance, impact the bottom line, and endanger patients. Internet-connected devices, or the Internet of Medical Things (IoMT), allow remote devices to communicate wirelessly, supporting valuable telehealth services like remote patient monitoring and care collaboration. All these benefits mean connected equipment increasingly dominates the medical device market. A report by Deloitte estimates that by 2023, connected devices will represent 68% of new medical device production.
As connectivity and interoperability grow, the potential for criminals to identify and exploit gaps in security is quickly becoming a significant threat. While data breaches can have serious repercussions, cyberattacks that impact medical devices at the point of patient care are a truly dangerous prospect. Once strictly the domain of IT, hospital cybersecurity now requires cooperation between many departments. Keeping cybersecurity siloed can have drastic, possibly fatal, results.
Certainly, involving the leadership of HTM and clinical is an essential step towards a comprehensive cybersecurity approach. But health systems should not underestimate the contributions that biomedical technicians, who work with this equipment every day, can make in the fight to keep connected devices safe from ransomware attacks and other cyber threats.
Biomedical Device Cybersecurity Risks
Data breaches that compromise patient privacy can have medical consequences. But attacks that compromise devices at the point of care could lead to injury or death. After a 2019 ransomware attack on an outside cloud service forced an 8-day network shutdown at an Alabama hospital, medical staff continued delivering care without access to patient records or fully operational devices, including a fetal heartbeat monitoring system. In 2021, the parents of a baby who suffered brain damage during delivery at the time of this outage, and later died, filed a lawsuit against the hospital. If the courts decide in the parents’ favor, the incident will go on record as the first confirmed death in a hospital caused by a ransomware attack.
Unfortunately, ransomware isn’t the only reason to be concerned. According to experts, potential cyber threats involving medical devices include:
- Malware infections
- Denial of service (DoS)
- Accessing wireless devices, including implanted medical devices
- Sensor spoofing
Cyber attacks frequently exploit design flaws, including a lack of identifying sequence numbers or timestamps, insufficiently randomized network addresses, poor authentication schemes, and software bugs. Attacks on IoMT devices often involve unauthorized access to offline data stored on smartphones, tablets, or smartwatches that connect to the medical device wirelessly through a mobile app.
How Biomed Techs Contribute to Better Cybersecurity
Bridging the Gap Between IT and Clinical
Biomed techs report to clinical engineering or healthcare technology managers. But their job is to keep devices up and running on the floor, so they observe devices in the field and interact with clinical staff daily. They also work with IT to solve many network and software issues. As such, Biomed techs bridge the gap between IT and clinical.
For example, the focus of clinical staff on care quality is often at odds with IT’s focus on end-user security. Biomed techs understand the drive behind the goal of each department and the practical constraints. Thus, they are uniquely positioned to advise IT on reducing endpoint complexity while simultaneously helping to streamline clinical workflows and educate nurses and other staff regarding security procedures.
While HTM departments are responsible for procuring and maintaining equipment on a macro scale, and clinical engineering is responsible for designing and implementing biomedical systems, biomedical technicians service and maintain that equipment. Biomed techs have a first-hand understanding of the status of device fleets.
An experienced Biomed tech will make valuable connections that support effective inventory decisions. For example, a tech may see a significant link between design flaws in one device and a newer model or between different OEMs that even the vendor might not recognize. Techs might also notice how cybersecurity concerns change when the same model is used for different departments or hospital floors.
Remaining in compliance with HIPAA and other regulatory privacy and security requirements means taking a comprehensive approach to safeguarding patient data. The FDA’s evolving guidance for medical device cybersecurity states that healthcare delivery organizations “are responsible for implementing devices on their networks and may need to patch or change devices and/or supporting infrastructure to reduce security risks.”
While IT and clinical engineers may be involved in broader changes, Biomed techs will likely implement them. More importantly, techs in the field who recognize gaps in cybersecurity and address them in real-time are a boots-on-the-ground line of defense that can prove invaluable to remaining compliant. An inventive solution by a skilled Biomed tech could save hundreds of thousands in non-compliance fees and protect the hospital's reputation while ensuring patients' safety and privacy.
The Bottom Line: Involve Techs in Cybersecurity Now
Hospitals and health systems should not hesitate to integrate Biomed techs into their cybersecurity strategy. Recommendations for proactive steps organizations can take include:
- Ask vendors and OEM reps about cybersecurity training
- Provide cross-training between Biomed and IT technicians
- Involve Biomed techs in cybersecurity briefings
- Seek the input of Biomed techs when developing cybersecurity protocols
It’s also critical to allow biomedical staff, including technicians, to collaborate with IT on risk mitigation and remediation protocols.
Organizations recognizing the frontline role of Biomed techs can build a more robust defense against ransomware and other cyber attacks. As connected device networks and the IoMT become more and more ubiquitous in healthcare, hospitals and health systems must harness the skills of biomedical technicians to keep vulnerable patients safe from dangerous cyber threats.