Security of Patient Monitoring on a Medical IT Network

Physiological monitoring technology has advanced the last number of years to enable these devices to be incorporated onto healthcare provider’s networks. The difficulties faced by providers in relation to cybersecurity of infrastructure and medical device systems were highlighted recently with the WannaCry ransomware attack in May 2017 and a major ransomware attack suffered by the Health Service Executive (HSE) in May 2021.

The standard IEC 80001 1, “Application of risk management for IT networks incorporating medical devices Part:1 Safety, effectiveness and security in the implementation and use of connected medical devices or connected health software”, defines roles, responsibilities and activities that are necessary for risk management, before during and after connecting medical devices to IT infrastructure [1]. Aragaw et al., recommend that improving cyber resilience within a healthcare provider is a shared responsibility [2].