Today’s healthcare systems operate in a mostly digital world. Vast, interconnected networks enable the myriad services that make up the healthcare continuum and enable the accurate and efficient delivery of care. This digital connectivity has allowed some amazing technological advances to come to light. Things like telemedicine, wearable technologies and artificial intelligence could not exist without it.
For imaging providers, it would be difficult to imagine the practice of radiology without these transformative new technologies, many of which have led to improved efficiencies, higher diagnostic quality and better-informed, life-changing medical treatments.
A Number One Priority for Health Entities in 2022
Dependence on this highly digital infrastructure comes with important considerations for healthcare organizations. In fact, cybersecurity (and the challenges of ensuring patient safety, privacy and security) has emerged as the number one technology hazard for health facilities in 2022, according to the ECRI Institute.
This #1 ranking comes with good reason.
Last year, cybersecurity breaches were at their highest ever recorded, with more than 45 million individuals impacted by attacks on healthcare organizations. These breaches often included exposure of patients’ protected health information (PHI), representing more than a 30 percent increase from reported incidents in 2020. Cyberattacks were counted separately from ransomware attacks, which themselves showed a 59% increase in reported incidence by healthcare organizations between 2020 and 2021.
The risks for health organizations are far-reaching and come at an extremely high price. Unlike other industries that may be impacted by security breaches, a healthcare-related cyber event has the potential to not just affect business operations and revenue (which can be devastating in itself); it may also disrupt care delivery and put patients at serious risk of physical harm.
To further put this in perspective, healthcare organizations in 2021 lost nearly $21 billion in revenue caused by downtime and other operational costs related to a cyber incident. Of course, this number doesn’t include the costs that come with the erosion of patient confidence and the impact of stress on staff in the wake of a disruptive breach.
Tips for Keeping Imaging Systems Secure
Cyberattacks can create interruptions for healthcare entities — from simple appointment scheduling and check-in processes to online payment systems. Cyberattacks can also impact network-connected medical devices and the data networks they rely on to deliver time-sensitive care to patients.
Earlier this year, the FDA issued a draft of cybersecurity guidance for healthcare organizations. In addition to presenting preliminary recommendations, the FDA is seeking stakeholder feedback and recommendations for keeping digital and data breaches at bay. “Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions” aims to prioritize the safeguarding of medical devices throughout their intended cycle of use.
Aside from the extensive practices and network IT safety measures most hospitals have already implemented, such as running anti-virus software, employing a virtual private network (VPN) and fortifying firewalls, there are some simple yet important steps imaging departments can take to further protect themselves from a cyber attack.
- Recognize that this is not simply an IT issue. Place high importance on cybersecurity among all stakeholders in the healthcare delivery process. This includes healthcare leaders, providers, device manufacturers and frontline employees. It takes everyone’s diligence to keep integral systems and patient data safe.
- Replace outdated equipment. All equipment (especially equipment that relies on technology interfaces to operate) comes with an expiration date. This date may not be clearly marked and will vary depending on the extent of use, maintenance and other factors. Using equipment that was designed to meet the needs of another era is an invitation for a security issue. Legacy products that cannot be updated and secured to today’s standards must be transitioned out of use.
- Conduct an equipment audit. Engage in a deep evaluation of all networked radiology equipment, placing special focus on software, open but unused ports, and older CD drives. Report any concerns to your IT team or imaging partner. Raising the concern, even if there turns out not to be one, is better than letting potential vulnerabilities continue.
- Keep systems separate. Schedule time with your IT department to verify that all essential radiology systems and their data are kept separate from office operations or other hospital departments. Only those who have security clearance to access radiology network systems should have access. There should be no personal or employee email communication connected to the imaging services network. This is an open invitation to hackers or other data infiltrators.
- Update software religiously. One of the simplest ways to keep your imaging networks and equipment safe from a cyberattack is to keep all software updates current and to apply patches in a proactive and timely manner. Lean on your equipment service providers to make sure essential updates are kept current. If a service can be added to ensure software is updated consistently, such a service is a wise investment.
Emerging Security Requirements for Internet-Connected Devices
The American Hospital Association recently issued support for the Healthcare Cybersecurity Act (S.3904), legislation that seeks to boost training related to cybersecurity in the Healthcare and Public Health (HPH) field.
“We appreciate that the bill calls for an analysis of cybersecurity risks to the HPH sector with a focus on impacts to rural hospitals, vulnerabilities of medical devices, and cybersecurity workforce shortages, among other important issues,” the AHA said in its letter to senators.
Lean on Your Trusted Vendors and Equipment Providers
Cassling customers have the double assurance of a diligent local service team and the dedication of Siemens Healthineers cybersecurity experts when it comes to making sure the equipment installed in your facilities is not only functioning and compliant with all federal requirements, but is also as secure as possible from outside attack. Our customers benefit from a state-of-the-art portfolio of products, cybersecurity management processes, and ongoing diligence and attention to cybersecurity issues to counteract the threats of today and those yet unknown.
In particular, the Siemens Healthineers Evolve Program™ is available to make sure your imaging equipment always has the most up-to-date protection. With Evolve, you can be certain that no matter how standards or protocols change over time, your system will be continually upgraded and able to perform at its full potential today and years after purchase.
Anytime you have concerns about your imaging fleet’s vulnerability to cyberattack, or if you would like to talk about ongoing plans to help keep your systems up to date with the latest software and security enhancements, we are here to bring the peace of mind that comes with knowing your partners are always watching even when you can’t, so that you can continue the important work you do without interruption.
Contact Cassling today to discuss options and see if you might be due for a cybersecurity software update.