More hospitals assess computer security risks

As the use of network-connected medical devices continues to proliferate in hospitals, the risk of a security lapse affecting these devices increases too.

Dan Speck, a managing consultant with Burwood Group Inc., Chicago, says hospitals are becoming more aware of the risks of attack on network-connected medical equipment as the use of Internet-enabled devices increases.

For now, however, the primary threat is not hackers, but employees who bring in viruses that spread and affect medical devices, he says.

A case in point is Kern Medical Center, Bakersfield, Calif. A technology website reported that the medical center was the target of a "vicious" cyber attack when, in fact, an office worker opened a suspicious e-mail that crippled several computers in the medical center's network, says Paul Hensler, CEO, Kern Medical Center.

It took several days to recover the information, but there is no evidence that the hospital was targeted and no critical information was stolen, he says.

"The employees might go to an infected website that has been hacked, bring in a virus and the virus spreads throughout the network. They bring the threat in rather than hackers coming in," Speck explains.

He says hospitals can reduce the risk of a virus compromising their system. Segmenting the network, for example, can isolate devices so they are at less risk of an attack.

Hospitals also can minimize risk by coordinating device purchases with the security department to ensure devices adhere to standards and policies, Speck says.