The conversation opened with John Batchelor highlighting the pervasive role of data in contemporary life, particularly in healthcare. I underscored the critical question of whether such data are truly secure and protected from malicious actors. I related an unfortunate incident at a small regional hospital, which led to hacking of the institution's computer system, and the challenge of managing costs and demands when information is continually updated.
I delineated two primary avenues through which healthcare systems can be compromised:
- Smart medical devices, such as pacemakers and insulin pumps, are susceptible to hacking, which threatens patients' well-being.
- Major cybersecurity breaches can result in chaos, including the canceling of surgeries and critical medical procedures. The fragility of hospitals increased during the height of the pandemic, when strained resources led to the postponement or cancelation of outpatient diagnostics and treatment.
As a potential remedy, I mentioned the 3-2-1 backup approach endorsed by the federal Cybersecurity and Infrastructure Security Agency (CISA). This strategy advocates saving three copies of critical healthcare data in at least two different formats, with one copy stored offline to mitigate exposure to ransomware and other cyber-threats.
We also touched on the significance of cybersecurity protocols, such as password changes, as a frontline defense for hospitals. I noted that while essential, these measures might not fully address the issue, especially when individuals are negligent in handling personal emails on work computers.
Although Congress has introduced requirements for the FDA to enhance cybersecurity for medical devices, the lack of resources for implementation suggests there will be protracted delays in fortifying the healthcare industry against cyber-threats.
You can find the complete audio of our conversation here. Looking for a bit more? Here is my article on our website.