Published: 27 September 2017
Connected medical devices offer the potential to improve patient care and operational efficiency, but also introduce new privacy and security risks. Healthcare provider security and risk management leaders should rethink their privacy and security practice in light of these new risks.
Included in Full Research
- Privacy rules and regulations, such as HIPAA and GDPR, put a tremendous onus on providers to assure privacy for sensitive data generated and transmitted by connected medical devices
- Regulatory guidance on security as a shared responsibility between medical device manufacturers and healthcare providers is vague and nonbinding, creating ambiguity about which procurement practices providers should follow to ensure medical device security
- Legacy medical devices that were not designed to be internet-accessible are now being connected to the internet as part of healthcare initiatives, increasing risks and the attack surface