With medical device cybercrime at red-flag levels, protecting against attacks is a pressing need for hospitals. After that, it’s full-steam-ahead on operational and clinical optimization.
Here’s a bold statement, but it’s true: With healthcare technology management (HTM), cybersecurity for medical devices is a priority. Especially now, with healthcare being the second-most prone industry to cybercrime,1 it should be top-of-mind for you.
The Case for Medical Device Cybersecurity
Would you wash and detail your new luxury car, add speakers or other upgrades, and then leave it unlocked? It sounds absurd, but that’s what happens when hospitals lack an ecosystem of security that protects their equipment—when they invest millions in operational or clinical upgrades, without protecting assets from outside threats.
Those threats are out there, waiting. With medical device cyberattacks on the rise,2 many hospitals end up cleaning up the aftermath of faulty security: More than 9 in 10 healthcare organizations have endured at least one attack.1 Attacks disrupt operations, can cost millions to repair, and can put care delivery at stake.
That’s why it’s necessary to double-down on cyber defense: lock the car: Secure your system.
Step 1: Invest in an Always-On Security System for Medical Technology
Between VPN, ad-hoc patches, and firewalls, aren’t hospitals already doing all they can? Yes and no. Though information officers and engineering directors have long known of cybersecurity risks, fixes have historically been device-specific and inherently limited.
Plus, with a labor shortage of cybersecurity professionals,3 many health hospitals—through no fault of their own—lack the internal workforce to build and bolster a service infrastructure for asset protection.
Another problem is that defining ownership of security roles is tough. What role do radiologists play in cybersecurity? Or biomedical engineers? Or IT professionals? Medical devices are not computers and require different security and expertise. Cybersecurity is a specific skillset that hasn’t traditionally been part of biomedical maintenance programs.
Skeye, GE Healthcare’s vendor-agnostic networked medical device cybersecurity service is manned by highly trained cybersecurity professionals. Skeye provides risk remediation4 and real-time analytics to help predict and preempt security problems across networked medical devices.
Most importantly, with turn-key security support, everyone—even smaller rural hospitals without the budget to build their own security team—can have the confidence of a scaled security program, together with the skilled workforce to cost-effectively execute it.
Of course, once medical devices are secure, that’s when asset and clinical optimization become all the more important.
Step 2: Optimize Operations for Cost Control and Patient Care
In compliance with regulations, assets should be maintained regularly to avoid breakdown and resulting impacts on patients. Other outstanding needs include asset availability, management, and utilization: Do you have more assets than you can keep track of? Where are they? How can you minimize downtime? Are you getting the best return on your investments?
These questions deserve consideration, because without optimizations on the operational side, the clinical team can’t do their job. What good are new infusion pumps if you can never find them, or an MR if downtime amounts to rescheduled exams?
Technologies like real-time location systems (RTLS) comprise a big component of smart operational investments. With real-time analytics, leaders can monitor asset usage, identify areas of equipment shortage or surplus, find lost assets, and account for capital planning and service needs to minimize clinical impact and cost.
These benefits yield big bottom-line returns: GE Healthcare's Encompass platform, for example, has helped save Mercy Health System nearly $13 million in operational savings.5
As another key investment, proactive monitoring, such as GE Healthcare’s OnWatch, helps prevent against unplanned system downtime with up to 30 percent faster repair time by keeping 24/7 tabs on metrics in between scheduled maintenance checks.6
Step 3: Optimize the Clinic for Better Flow and Patient Satisfaction
With security in place and assets optimized, the next step is to focus on profitable investments in the clinic that keep patients on their care pathway.
Joint Commission accreditation fits in here, which calls for technology improvements such as dose management. With GE Healthcare’s DoseWatch™, for example, clinicians can monitor patient dose of radiation or contrast media.
Other clinical pain points like lost exam slots or inefficiencies could also be addressed with upgrades such as Imaging Insights or Imaging Protocol Manager to help standardize clinical workflows, reduce wait times, and improve patient satisfaction. Such changes have resulted in up to a 37 percent increase in exams per week, for example.7
Breaking Down Silos for People, Process, and Technology
Even with this roadmap, hospitals must adopt a more wing-to-wing approach: Technology initiatives shouldn’t be strictly within the radiology or cardiology departments. They should be everywhere the patient’s care pathway touches—which is, by the way, everywhere in the hospital.
Of course, the technology is important, but that is just one piece. New technology only operates as well as the underlying people and processes. We at GE Healthcare recognize the importance of that trifecta—people, process, and technology—and we stop at nothing to help ensure our customers have everything they need to efficiently deliver extraordinary care.
1. Healthcare Cyberattacks Cost $1.4 Million on Average in Recovery, Health IT Security, https://healthitsecurity.com/news/healthcare-cyberattacks-cost-1.4-million-on-average-in-recovery, Accessed Dec. 20, 2019.
2. Cyberattacks on Medical Devices Are on the Rise—and Manufacturers Must Respond, Institute of Electrical and Electronics Engineers, https://spectrum.ieee.org/the-human-os/biomedical/devices/cyber-attacks-on-medical-devices-are-on-the-riseand-manufacturers-must-respond, Accessed Dec. 20, 2019.
3. How Your Cybersecurity Staffing Can Survive the Baby Boomer Exodus, Security Magazine, https://www.securitymagazine.com/articles/88465-how-your-cybersecurity-staffing-can-survive-the-baby-boomer-exodus, Accessed Dec. 20, 2019.
4.Applies only to medical devices under GE Healthcare service contract.
5. Transformation: From Break-Fix Maintenance to Comprehensive Healthcare Technology Management Program. GE Healthcare, https://www.gehealthcare.com///-/jssmedia/global-01/services/healthcare-technology-management/mercyhealth_casestudysp_jb64350us_jan2019.pdf, Accessed Sep. 12, 2019.
6. GE Healthcare White Papers: Proactive Digital Service for MR Scanners: Evaluating User Impact (2017) and Determining the Benefits of Proactive Digital Service for Computed Tomography Scanners (2014).
7. Estimate based on Radiomed customer testimonial, https://www.youtube.com/watch?v=QGOsiBbRaUE. GE Healthcare cannot guarantee the same outcome for all customers.