The House Energy and Commerce Oversight and Investigations Subcommittee held a hearing on April 1 to address cybersecurity vulnerabilities in legacy medical devices, which often outlast their software updates, leaving patients at risk.
Lawmakers and cybersecurity experts discussed the growing risks posed by outdated medical devices that continue to be used in healthcare settings. These devices, while still operational, often lack the necessary security measures to protect against modern cyber threats. The hearing focused on the potential consequences of these vulnerabilities, including risks to patient safety and national security.
Christian Dameff, M.D., co-director of the Center for Healthcare Cybersecurity at UC San Diego Health, emphasized the stakes, stating, "The cybersecurity of our legacy medical devices thus becomes a literal matter of life and death."
Erik Decker, chief information security officer at Intermountain Health, highlighted concerns about cyber threats: "The primary concerns with attacks against medical devices are related to patient safety and national security."
Cybersecurity in medical devices is not just a technological issue but a patient safety concern. Without proper security measures, hospitals remain vulnerable to cyberattacks that could compromise patient care. As discussions continue, there is increasing pressure for regulatory action to ensure medical devices remain secure throughout their lifespan.
As cyber threats evolve, healthcare professionals must prioritize cybersecurity in legacy medical devices to close security gaps that can affect patient safety and hospital operations. Mitigating these risks requires frequent collaboration among lawmakers, security experts, and medical device manufacturers.
Legacy medical devices are older healthcare technologies that remain in use even after their software updates and security support have ended.
Many medical devices are expensive and designed for long-term use, making immediate replacement impractical for hospitals.
Hackers can exploit outdated software, weak encryption, and unpatched vulnerabilities to gain unauthorized access to hospital systems.
Manufacturers are responsible for providing security updates, but many older devices no longer receive support, leaving hospitals to manage risks.