Today’s hospitals are more connected than ever. According to research from ECRI Institute, there are approximately 15 to 17 medical devices per bed, and about one out of four of these bedside devices are networked. The benefits of having software incorporated into medical devices are numerous, but, as reported by Hospital and Health Networks, it also poses great risks to cybersecurity.

With recent ransomware attacks, such as WannaCry and Petya, and with hospital clinical technology connected to IT systems more and more, the cybersecurity risks associated with medical devices grow each day. 

Anthony J. Montagnolo, M.S., executive vice president and chief operating officer of ECRI Institute, lays out three steps hospital leaders can take to prevent cyberattacks.

  • Prioritize. As a first step, make sure you consider medical device cybersecurity in the context of other cybersecurity risks within your organization. Work with management to prioritize which types of connected medical devices need attention first.
  • Identify. Now that your management team knows which device types to start with, step two requires that your organization create an inventory of all equipment in the device type that includes key information like exact software version and network configuration settings
  • Protect. Step three is the active practice of maintaining and improving your medical device cybersecurity. Work with device vendors to make sure your organization is getting updated software to patch identified vulnerabilities.