Continuing with this week’s theme of internet-connected devices in healthcare, let’s read some startling statistics from Cisco. In 2017, the Food and Drug Administration (FDA) recalled 465,000 pacemakers after security vulnerabilities were discovered that put patient’s lives at risk. Sixty-three percent of healthcare organizations experienced a security incident related to unmanaged internet of things (IoT) devices in the past two years.
Sixty percent (60%) of medical devices are at end-of-life stage, with no patches or upgrades available. And the average age of medical devices being used by hospitals and healthcare organizations is 20+ years, making them significant targets for hackers.
Add mobility to the mix, and you have even more devices to secure. Four out of five clinicians use smartphones each day, and 71% of clinicians said their hospital allows BYOD use.
How can UTHSC protect our devices used on campus and our partnering facilities? First, we need to identify every endpoint (device) that is on our network. The Office of Cybersecurity’s Vulnerability & Patch Management Team keeps our devices updated, if we know about them. Reach out to your business managers to make sure your devices are managed. If not, contact the UTHSC help desk at 901.448.2222 to get them inventoried.
Second, report any suspicious activity to the Office of Cybersecurity (abuse@uthsc.edu) or 901.448.1880 so that we can quickly identify, isolate and remediate cyber attacks.
Third, we need to control access to patient data and the device, location and user level to minimize risk. Using the principle of least privilege, only users that need access should have it, and only to the information they need to have in order to complete tasks.
Together, we can make UTHSC more secure. Do Your Part. #BeCyberSmart