September 23, 2024

Legacy medical devices with outdated software pose significant cybersecurity risks to hospitals. While newer FDA regulations focus on strengthening cybersecurity for devices before they hit the market, many older machines in hospitals remain vulnerable. Here are four steps experts suggest mitigating these risks:

  1. Identify Devices: Hospitals must first identify all devices connected to their network. This is challenging due to the sheer volume and variety of connected devices.
  2. Understand Vulnerabilities: Assessing device vulnerabilities helps hospitals prepare for emergencies and implement patches or updates where possible.
  3. Use Network Segmentation: Separating vulnerable devices into their own networks can limit the spread of malware and safeguard critical systems.
  4. Shut Down Devices: If a device is too risky or compromised, disconnecting it from the network is the last resort, though this decision must balance patient care and security needs.

Addressing legacy medical devices will take time, requiring cooperation between manufacturers, hospitals, and regulators to secure healthcare systems against cyberattacks