A new report from think tank New America warns of the risks to patient safety posed by increasing adoption of technology in healthcare and the associated cyber risks.
The Do No Harm 2.0 report, authored by Robert Lord and Dillon Roseen, covers the risks of adopting technology in healthcare without the proper cybersecurity procedures, and offers 17 recommendations to address their concerns.
“The dangers to the healthcare sector of exploitable cybersecurity vulnerabilities are not imagined. Already, security researchers have demonstrated that malicious actors can exploit vulnerabilities in implanted and networked medical devices that deliver life-supporting functions, like ventilators, infusion pumps, pacemakers, and monitors,” the authors write.
In addition to medical threats, the authors also highlight the financial costs, reputational costs, and potential legal costs of breaches. The report also highlights the immutability of some health aspects as a factor in prioritizing healthcare cybersecurity.
“Robert Lord and Dillon Roseen’s report, ‘Do No Harm 2.0,’ is a valuable effort to bring awareness to the issue of cybersecurity and health care. It underscores the fact that information security is not just an IT issue, but also a patient safety issue,” said Sen. Mark Warner, D-Va., in the report’s foreword.
The authors’ recommendations focus on culture, technology, and the workforce. On culture, the report recommends that norms need to shift around healthcare cybersecurity, and suggests government standards as a way to achieve that shift. The report also recommends more multi-tiered information sharing, and a cybersecurity budget per patient ratio.
On technology, the report suggests that the Federal government offer funds to replace vulnerable legacy technology, emulate the financial sector in sector-specific technologies, and create mechanisms to clarify privacy standards.
On workforce, the report recommends incentivizing CyberCorps scholars to go into health cybersecurity, supporting cybersecurity apprenticeships in healthcare, creating Centers of Academic Excellence, and supporting an industry-wide certification.