Healthcare data is more vulnerable to breaches than ever. Cybersecurity incidents involving patient data hit an all time high last year — more than 50.4 million patient records were breached. With nearly 70% of medical devices projected to be connected devices by 2025, wise health systems are making cybersecurity a priority at their organizations.
Cognizant of this perilous cybersecurity environment, Indiana University Health has begun working with healthcare technology company TRIMEDX to test the security of connected medical devices at the health system’s medical device security lab.
With the Rise of AI, What IP Disputes in Healthcare Are Likely to Emerge?
Munck Wilson Mandala Partner Greg Howison shared his perspective on some of the legal ramifications around AI, IP, connected devices and the data they generate, in response to emailed questions.
IU Health is a Indianapolis-based health system with dozens of facilities across Indiana. It employs roughly 36,600.
“The cyber threat landscape for healthcare continues to be dangerous,” said Nick Sturgeon, IU Health’s executive director of information security, said in an interview. “With the threats constantly evolving and the threat actors collaborating with one another, it is imperative that healthcare organizations work together to combat those threats.”
Under the collaboration, IU Health’s cybersecurity experts will work with TRIMEDX’s clinical engineering staff to confront current and future medical device security issues by conducting security testing, as well as developing and testing remediations. The lab allows the partners to test in a real-life healthcare network environment, not just in a static lab setting, Sturgeon pointed out.
IU Health chose TRIMEDX to help power the testing at its medical device security lab because of the company’s expertise in the clinical engineer space, Sturgeon said. He did not disclose other companies the health system was looking at to fill this role.
A Personalized Approach to Medication Nonadherence
At the Abarca Forward conference earlier this year, George Van Antwerp, managing director at Deloitte, discussed how social determinants of health and a personalized member experience can improve medication adherence and health outcomes.
Sturgeon also said the health system was drawn to TRIMEDX’s “state-of-the-art” technology for medical device security, skilled people, and dedication to protecting patients. The healthcare tech firm claims to have data on 92% of all active medical device models.
“TRIMEDX will be our clinical engineering experts,” Sturgeon said. “They will give us a better understanding of how medical devices work and are used in a clinical setting. Their knowledge of these systems as well as their relationships with original equipment manufacturers will be a great benefit to providing remediations for any issues discovered. At the same time, TRIMEDX will have access to cybersecurity experts who look at these devices from the threat actor’s perspective.”
Now that IU Health has a technology partner for its medical device security lab, Sturgeon said he and his team can get a lot more testing done.
The health system created the lab last year to research technology solutions to combat rising cyber threats on connected medical devices. The lab has “completed a number of security testing projects with several different devices,” and it is looking forward to working with TRIMEDX to develop and improve validation processes, according to Sturgeon.
At the lab, IU Health and TRIMEDX will focus their testing on three main areas: testing new devices in advance of them being deployed in hospitals, testing configurations and security settings, and actively scanning medical equipment for security vulnerabilities.
“I would recommend health systems start a similar program if they’re willing to do it and there’s a good opportunity within their organization,” Sturgeon said. “My hope is that other health systems will benefit from the work that comes from this lab.”
Doug Folsom, TRIMEDX’s chief technology officer and president of cybersecurity, agreed. In a statement, he said the intent of this collaboration is to see an overall decrease in medical device security threats, as well as eventually make healthcare cybersecurity research available to more organizations.
Photo: JuSun, Getty Images
