Cycling out legacy medical systems and devices that create cybersecurity vulnerabilities for healthcare providers is a difficult task that could benefit from a structured incentive program, experts say.
One reason healthcare is plagued with cybersecurity vulnerabilities is that the industry is built on a bedrock of legacy systems and devices in an increasingly connected environment. Many of these devices were never intended to be connected to the internet, and patching those systems can be difficult since the impact of a security patch on an older device is often unknown.
“The healthcare sector is particularly sensitive to the internet of things,” Leo Scanlon, deputy chief information security officer at the Department of Health and Human Services, said during a House subcommittee hearing last week. “Many devices were not developed with the intention of being on the internet. It was never intended they would be able to talk to other devices, yet they are.”
But, as one medical device manufacturer recently told Joshua Corman, director of the Cyber Statecraft Initiative at Atlantic Council’s Brent Scowcroft Center and founder of I Am The Cavalry, it can be difficult to pry old devices “out of healthcare’s cold, dead hands.”
Corman and his fellow authors of the HHS Cybersecurity Task Force report have a potential solution: Incentivize providers to upgrade their legacy equipment through a program similar to Cash for Clunkers, the federal initiative designed to get safer, more fuel-efficient cars on the road.
“There’s a strong argument to do something similar here,” Corman said on a conference call hosted by the Atlantic Council last week. He noted that the average device life cycle can be as long as 20 years, but the life cycle of most operating systems is just six or seven years.
Read the Rest at the Source: Cash for clunkers: Could it work for legacy medical devices? | FierceHealthcare
by Evan Sweeney