Connected medical devices are exposing healthcare systems to cyber-attacks — Why ignoring clinical asset management is no longer an option 

Eric Oliver -

Clinical asset management needs to be a key element of a health system's cybersecurity management plan because when left unaddressed connected medical devices can expose a health system to a host of threats. 

Rethinking how health systems approach clinical asset management was the subject of a Sept. 2 webinar hosted by Becker's Hospital Review and sponsored by TRIMEDX, an industry-leading clinical engineering and clinical asset management company.

The speakers were: 

  • Doug Folsom, president of cybersecurity and chief technology officer at TRIMEDX
  • Dave Klumpe, president of clinical asset management solutions at TRIMEDX

Here are four key takeaways from the webinar:

1. Rethinking cybersecurity of your inventory Health systems have an array of connected medical devices that provide lifesaving care but also expose their system to cybersecurity threats, costly upgrades and eventual obsolescence. These devices require extensive capital and operating expenditures and, when managed improperly, can bog down finances. “In 2019, hospitals were victim to more cybersecurity threats than the total number of threats over the last four years combined,” Mr. Klumpe said. The average facility faces vulnerability from 20 percent of its medical devices that are connected to their network today, with experts suggesting that up to 70 percent of their medical devices will be connected to their network and face cybersecurity vulnerabilities over the next five years. "These trends and challenges elevate the need for a comprehensive clinical asset management and cybersecurity program," Mr. Klumpe stated. "We build our solutions to understand your [medical device] inventory [including] what you own, what's connected to the network, what software it is running, the cybersecurity status of each device versus known vulnerabilities, available OEM patches and the status of needed remediation work orders."

2. Not your everyday IoT technology. Medical devices are different from consumer electronics, and even differ from the laptops and iPads in use in a healthcare facility. Medical devices are regulated by the FDA, with all software updates requiring a review by the Original Equipment Manufacturer (OEM) to validate that the software changes continue to ensure the device is safe for patient use. Vulnerabilities in a network happen. A hospital IT department’s resources could be overextended due to focusing attention on regular traffic impacting their network and can miss critical medical device vulnerabilities that could pose a security threat and/or risk to patient safety. TRIMEDX, through a partnership with Medigate, monitors the entire connected medical device inventory in real-time and actively remediates any issues. "Our entire ecosystem is intended to draw out action by our customers," Mr. Folsom said. 

3. Drawing out action. In addition to protecting health systems from cybersecurity threats, TRIMEDX can optimize their capital and operational investments in their medical device inventory. The company uses seven components to shape their solution: 

  • National, comparative benchmarking data
  • Utilization data
  • Real-time cybersecurity monitoring
  • The TRIMEDX CYBER Risk Score
  • Detailed medical device profiles
  • The TRIMEDX RUDR ScoreSM
  • Dedicated subject matter experts

TRIMEDX uses these components to optimize a health system's medical device inventory and reduce associated costs. With benchmarking data alone, TRIMEDX can reduce costs up to 10 percent. In fact, most health systems only average 40-50 percent medical device utilization, never reaching full utilization.  Even during the peak of the COVID-19 pandemic, average device utilization only reached about 80 percent, Mr. Folsom said. This excess in medical devices requires additional capital and operating expenditures, which fuel unnecessary spending. 

4. Addressing the excessive inventory. TRIMEDX has devised a proprietary scoring system to help health systems better understand their medical device inventory. The TRIMEDX RUDR Score, an acronym for Replacement, Upgrade, Disposition and Reallocation, is like the air traffic control for medical devices. TRIMEDX examines the device fleet, assigns each item a RUDR score and then works with system leadership on, "decision making to help evaluate all the variables [around connected medical devices] and make solid decisions about what the best path for an asset is,” Mr. Klumpe said. Medical device companies often rely on planned obsolescence to encourage hospitals to upgrade their fleet. But just because a device manufacturer has stopped supporting a device does not mean that the device is obsolete. Through a rigorous clinical engineering program that performs systematic, planned preventative maintenance and completes repairs with high-quality parts, TRIMEDX can extend device useful life by 30 percent versus typical replacement cycles, saving precious capital and operating expenditures, while also allowing the system time to fund other key strategic initiatives. Managing clinical assets by obsolesce instead of actual utilization and national benchmarking, can cost systems millions in unnecessary spending, but by taking an active role, systems can have a healthy and functioning medical device inventory that is protected from cybersecurity threats and saves money for years. 

View a copy of this webinar here. Learn more about TRIMEDX here

Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.