A study (registration required) by two data security firms, Norse in Silicon Valley and SANS, discussed in a recent L.A. Times article, confirms the concerns raised by the FDA and others about increased use of internet-connected medical devices by healthcare providers and the corresponding increase in the information systems of those providers being attacked, and in some cases “infiltrated without their knowledge.” Raising significant HIPAA and data privacy and security exposures, the study finds that between September 2012 and October 2013, 375 healthcare providers have been attacked – that is, those that have discovered and reported the attack. According to the article, the attackers are able to get into systems such as “radiology imaging software, conferencing systems, printers, firewalls, Web cameras, and mail servers.”
Just as we are seeing rapid development in smartphone, tablet and similar computing technologies, there are similar advancements in medical device technologies, influenced by “Big Data” and the significant benefits that can be derived from the information obtained from connected devices. Clearly, healthcare practices, which includes their practitioners, IT professionals and compliance officers, need to be more aware of the security risks relating to the latest devices used in the practice, and address those risks before installing the new devices for use in patient care. Locking the file cabinet drawers just does not cut it any longer.