Currently, the devices under inspection by the Industrial Control Systems Cyber Emergency Response Team of the DHS mainly include implantable infusion and heart systems, such as pace makers or insulin pumps. The function of such devices can be controlled via outside wireless connections, and there is some fear that malicious hackers could subvert medical treatments to harm patients. Infusion systems and other devices within hospitals that operate from wireless connections are being reviewed for the same reason. According to Reuters, companies manufacturing the devices in question report no known hacks of their devices, so the investigation appears to be based on an abundance of caution and desire to prevent possible negative outcomes.
Wireless Medical Imaging systems are not currently on DHS’s list, as there is little chance a hacker can cause damage through overtaking such a device. As with any new medical innovation, however, facilities must take care to safeguard patient information housed within Digital Imaging Systems. Radiology reports or images that contain personal data about the patient, including full name and any medical information, could be vulnerable to hacks as cybercriminals increase attacks on medical records.
In some ways, digital images are easier to protect than traditional film X-rays. Digital images can be processed and communicated via secure, encrypted channels; film has to be physically transported to various practitioners, making loss of documents or exposure of data more likely.
Facilities that use digital imaging in conjunction with electronic medical records can further enhance data security for patients by using strong password protocols, and limiting access to data on a need-to-know basis. Working with vendors that supply Wireless Medical Imaging technology or Electronic Health Record software to secure data, according to compliance protocols such as HIPAA, mitigates risks to both the patient and the provider.
