Networked Medical Device Cybersecurity and Patient Safety: Perspectives of Health Care Information Security Executives
Networked medical devices and other mobile health (mHealth) technologies are a double-edged sword: They have the potential to play a transformational role in health care, but they may also expose patients and health care providers to safety and cybersecurity risks such as being hacked, being infected with malware and being vulnerable to unauthorized access.
Patient safety issues—injury or death—related to networked medical device security vulnerabilities are a critical concern; compromised medical devices also could be used to attack other portions of an organization’s network.
Deloitte interviewed Medical Device Security Leaders (MDSLs) from nine health care organizations as part of a study on patient safety issues related to medical device security. The results show agreement among respondents about specific privacy and cybersecurity issues, organizational differences in preparedness levels and approaches, and many shared opinions about future developments needed to support the industry.
This Issue Brief:
- Describes potential risks associated with networked medical devices
- Reviews recent Food and Drug Administration (FDA) draft guidance on managing cybersecurity in medical devices
- Examines Deloitte’s interview findings in three areas: governance, risk identification and risk management
- Provides stakeholder considerations and a potential path forward.
As used in this document, “Deloitte” means Deloitte & Touche LLP, a subsidiary of Deloitte LLP. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting.