The Wall Street Journal stated that 150,000,000 health records have been breached since 2009.
Hospital Medical Device Security
Hospitals spent years shoring up their in house health records internet security. Now they are focusing on medical devices. They are demanding information such as the software that operates medical devices. The device makers consider this proprietary information and are reluctant to share it. On the other side, manufacturers are not always quick to offer software and firmware updates when a flaw is found.
It has gotten to the point where some hospitals have rejected bids and cancelled orders because of the lack of transparency. New York-Presbyterian cancelled an order for infusion pumps made by Smiths Group in 2017. Since then Smiths has updated firmware on their pumps.
Health Record Hacks Up 200% in 10 Years
Hospitals reported 140 known hacks last year up from 5 in 2009. The situation has lead to the FDA recommending that manufacturers disclose software information to hospitals. It is now common for manufacturers to respond to cybersecurity questionnaires before submitting bids.
Not covered was the role of intermediary software platforms in blocking access.
The Wall Street Journal article appeared in their May 13. 2019 issue.