In The News

How Tech, Workforce Can Reduce Cybersecurity Risk to Patient Safety


Notably, the report shies away from technologies touted as silver bullets, such as artificial intelligence, natural language processing, and machine learning. Instead, the belief is that providers can begin with tools currently in use.

For example, there have been ample conversations around legacy platforms and medical device vulnerabilities, but “little has been done to shore up the technological infrastructure of our nation’s healthcare providers.”

“The healthcare sector possesses a unique opportunity,” the report authors wrote. “Since many organizations have yet to introduce many basic cybersecurity protections and technologies, the sector can ‘get it right’ the first time, rather than trying to reshape an already entrenched cybersecurity infrastructure and culture.”

To get there, the report recommended policymakers take a number of actions.

  • Create a government-backed program to encourage the phasing out of legacy technologies and phasing in of secure and interoperable technologies.

  • Learn from the financial sector’s success in sector-specific cybersecurity investment, spearheaded by National Cybersecurity Center of Excellence.

  • Leverage a broad array of existing funding programs to spur healthcare cybersecurity basic research and innovation.

  • Create mechanisms for clarifying privacy standards, providing advice, and receiving feedback from health systems, similar to the levels of determination issued by the Internal Revenue Service.

  • Strengthen FDA requirements around medical device security, to ensure that security is baked-in at every point in the device’s life cycle.

“At the simplest level, these recommendations aim to square the incredible benefits of emerging technologies with the attendant cybersecurity risks they introduce,” the report authors wrote. “In five to 10 years, as patients benefit from the incredible advances in AI to predict their individual likelihood of getting sick, confidence that their personal information is protected by privacy and security officers equipped with innovative sector-specific tools will also be possible.”

“Patients will be able to analyze data from their wirelessly connected and implanted medical devices, knowing that those devices were designed with the most robust security testing available and that continuous updates address new vulnerabilities,” they added.