The ongoing debate between hospitals and medtechs regarding who is responsible for the cybersecurity of medical devices—which includes legacy equipment—may be detrimental to the well-being of patients.
Medical device manufacturers and hospitals are both responsible for protecting devices from cybersecurity threats and working together to manage the risks to patient safety.
However, while there is recognition of shared cyber responsibility on both sides, device security continues to be a casualty of a hospital-medtech divide that often results in finger pointing between these two stakeholders and at times a lack of coordination. The effect is that patients’ lives can be in danger from outdated and unprotected medical devices.
If cybersecurity risk is not effectively minimized or managed throughout the life of a device, it could potentially result in patient harm such as illness, injury or death as a result of delayed treatment or other impacts to device availability and functionality. The stakes are high as the FDA seeks to achieve more transparency when it comes to device vulnerabilities.
Read the full article at medtechdive.