CynergisTek, a cybersecurity, privacy, compliance, and IT audit firm helping organizations in highly regulated industries navigate emerging security and privacy issues, announces a six-figure expansion contract with a large multi-site health system to conduct medical device security assessment and program development services.

Network-connected medical devices are one of the biggest cybersecurity challenges for healthcare organizations since they can often be a potential unwelcome backdoor into their environment and a risk to patient safety and privacy. On average, there are 10-15 connected medical devices per bed; multiply that by the number of beds in the U.S. and the threat of these devices materializes quickly. 

“The problem is that with the proliferation of Internet of Things, the speed at which new medical devices are introduced into a healthcare delivery organization’s (HDO) network has increased. Both new and legacy devices being used today have introduced vulnerabilities due to outdated or insecure software, poor configurations, location, etc.,” says Mac McMillan, CEO and president at CynergisTek.

CynergisTek’s medical device security team will work with the health system to evaluate the effectiveness of their program for providing ongoing risk management of connected devices and will develop policies and procedures that are unique to medical devices beginning with pre-procurement security reviews, identifying, and prioritizing risk, and updating vulnerabilities with the manufacturer. 

“Cybersecurity is complex and constantly evolving—there are so many moving parts. With the increase in IoT and the number of ransomware attacks on healthcare organizations, many are bringing in the expertise to help review and improve upon medical device security programs to ensure that they are doing their best to protect patient safety and privacy,” says Dave Bailey, vice president of security services at CynergisTek.

“Working with our client is a sign of another great partnership, and I would like to give credit to their team and the hospital’s leadership for investing in and making security a priority for their organization—many have not performed this important analysis, but the tide is shifting as more HDOs are understanding the importance of addressing this risk,” adds McMillan. “Working with CynergisTek’s team that combines both cybersecurity and clinical engineering experts helps organizations identify and address network-connected medical device security in a holistic fashion.”