Cybersecurity Vulnerabilities Associated with Patient Monitoring Device

FDA Identifies Cybersecurity Risks Associated With Widely-Used Patient Monitoring Device | MLMIC Insider

A recent U.S. Food and Drug Administration (FDA) announcement cautions healthcare organizations and providers “about cybersecurity vulnerabilities identified for certain GE Healthcare Clinical Information Central Stations and Telemetry Servers.” The agency says these devices, primarily used to display patient information and monitor patient status, are at risk of remote attacks that take “control of the device to silence alarms, generate false alarms or interfere with the function of patient monitors connected to these devices.” Furthermore, these devices may interpret an attack as “normal or routine network communications,” leaving it undetected and “invisible to existing security measures.”

To address these vulnerabilities, the FDA advises facilities “to segregate the network connecting the patient monitors with the affected GE Healthcare Clinical Information Central Stations and Telemetry Servers from the rest of the hospital network.” Additionally, the agency recommends use of “firewalls, segregated networks, virtual private networks, network monitors, or other technologies that minimize the risk of remote or local network attacks.”

Click here to read the FDA’s complete guidance on reducing cybersecurity risks.

MLMIC also offers a number of resources that can help policyholders mitigate cybersecurity threats:

New Cybersecurity Protocol for New York State Healthcare Organizations, a blog post on New York State cybersecurity protocols for safeguarding private information;
Resolving Health IT-Related Patient Safety Events, a blog post with guidance for improving patient safety through proper reporting of adverse Healthcare Information Technology events;
FDA Issues Warning About Serious Security Flaws in Critical Medical Devices, a blog post on addressing cybersecurity vulnerabilities identified in a third-party software system commonly-used by healthcare facilities; and
Security of Patient Information and Health Information Technology, a risk management tip for maintaining the security of computers and other electronic devices in medical offices and hospitals.