Are Your Imaging Devices a Cybersecurity Risk?

83% of medical imaging devices lack a supported operating system, putting them at risk of being attacked and having their data exploited

https://www.dotmed.com/news/story/50492?s=newsreg

Now that Windows 7 has reached end of life, more imaging devices are left with an outdated operating system, exposing potential vulnerabilities in a health facility’s network per the article above. Reading this made me realize that our clients’ networks may be at risk when they don’t even know it. We’ve worked with clients whose equipment still runs on Windows XP or older, and while it may work fine for patient use, it raises concerns about cybersecurity.

With everything from pacemakers to fixed imaging systems connected to one network, it can be easy to overlook items that store patient data and leave weak spots that give access to other connected devices such as the EMR system. What this means for you is that it might be time to assess and evaluate your equipment to proactively protect your network. For each medical device that has an operating system (OS), you should ask:

  • Is this device’s OS up to date? If not, is there an upgrade?
  • Should you use funds to upgrade OS or invest in a newer device?

Age, condition, and fair market value can help in decisions for allocating funds. Once you understand how much your equipment is worth, you can weight the costs of selling and replacing versus upgrading the current system. It is important to keep track of these assets through biomed, IT, etc. so they can be checked for patches that become available in the future. Keeping an updated inventory of equipment and their condition will also help to inform when your equipment needs replaced in order to maintain a secure network.

Even if you’re not in an IT department, you can still have control over the medical devices you use and their connections to the network as a whole. We here at MRG provide assessment, inventory, and resale services to assist you through each step of the equipment lifecycle and empower you in improving network security.