Saturday, September 23, 2023
Saturday, September 23, 2023

Scott Trevino On How Medical Device Cybersecurity and Capital Planning Are Intertwined

By Scott Trevino, senior vice president of cybersecurity, TRIMEDX

Medical Device Cybersecurity: Medical device cyber risk is mounting while hospital financial pressures are rising. Although bolstering medical device cybersecurity defenses can require further investment, doing so also can lead to savings beyond the costs avoided by thwarting an attack — and in less obvious ways.

According to cybersecurity provider Check Point Research, global cyberattacks reached an all-time weekly high in the fourth quarter of 2021, with the healthcare industry sustaining an average of 830 cyberattacks per week. Healthcare cybersecurity is imperative as the costs of data breaches, reputational harm, and insurance premiums rise while patient safety remains the chief concern.

The proliferation of connected medical devices has heightened the potential risks. The global market of connected medical devices, such as cardiac event monitors and insulin pumps, is projected to reach a value of nearly $140 billion by 2028, a nearly 400% increase from its 2020 mark of about $27 billion, according to a report by Verified Market Research.

Often overlooked in the cyber-risk assessment of medical devices is the evaluation of replacing, disposing, or purchasing new medical equipment. With medical devices accounting for about 25% of capital expenditures, it’s prudent to add this to the list of considerations.

The importance of visibility in medical device cybersecurity

Both objective medical device capital planning and cybersecurity hinge on complete and accurate inventory visibility, which helps guide decisions related to device lifecycle management.

Knowing precisely the quantity and type of assets you have, how they are being utilized, and the status of each are the right steps to objectively plan and assess organizational risk. Factors include whether any devices have an FDA recall or alert, which devices have a known vulnerability, and if a vulnerability is found, whether a patch or compensating controls are available.

A comprehensive clinical engineering solution that provides a technology-enabled assessment of recalls, alerts, and vulnerabilities is invaluable in understanding the entire scope of risk. And a deep understanding of risk should drive capital planning.

How cybersecurity influences capital planning

Think of any big personal purchasing decision, say buying a new car. What steps can you take to ensure you are making a smart decision? You consider the history of the car and its manufacturer to better understand how prone the vehicle is to problems, problems that in the long run add to the overall cost of ownership. You consider how long the car is expected to last. You check on its safety ratings. And you may read reviews of the manufacturer’s responses and remediations to such issues. Does the manufacturer respond quickly? Are the resolutions free, or are they provided as an additional cost? Would you buy a car if it were in a major accident? And typically, the more your monthly budget goes toward the car payment and expected maintenance costs, the bigger the purchase decision is for you.

Medical device capital planning should be similar, though certainly more complex because the stakes are much higher. Comprehensive medical device cyber-risk assessment can inform capital planning by changing the traditional mindset from replacement planning to inventory optimization that drives financial savings.

Steps to include in a cyber-risk assessment include the following:

  • Evaluate the cyber-risk history of any device before purchase.
  • Assess the responsiveness of vendors. Cybersecurity performance of medical equipment manufacturers is an often-overlooked factor in capital planning. Assess the initial cost versus the ongoing expenses based on how responsive manufacturers are in responding to cyber vulnerabilities affecting their devices.
  • When determining whether to replace, relocate, or keep a device, weigh cybersecurity factors into the overall lifecycle management. Like other device lifecycle management factors such as device utilization, parts availability, and repair events, an objective cyber-risk assessment of each device is among the critical criteria to drive strategic decision-making. If a device is considered “cyber dead” without an OEM patch or alternative compensating control, an organization should prioritize its replacement.
  • Consider a technology solution that scores the degree of risk with other objective factors such as utilization and service history to ensure the evaluation is objective.

Based on such lifecycle management criteria including cyber-risk, hospitals can objectively determine whether a device should be replaced, upgraded, disposed of, or reallocated. And when a new device does need to be purchased, you can use objective historical data to identify preferred vendors.

Without such a comprehensive assessment, unnecessary or potentially unwise capital expenditure can occur. Many medical devices, for instance, are either kept using standard useful-life calculations or replaced before they have exceeded the end of their useful life based on decisions made from single data points such as depreciation or downtime. Where cybersecurity risks are a factor, some devices may just need patches or other software upgrades to improve their risk exposure.

Extending the useful life of devices defers capital expenditures and maximizes capital investments. Conversely, keeping a device and only considering the manufacturer’s useful life may overlook a critical cyber vulnerability that could put your organization at unnecessary risk. Therefore, employing strategic replacement and capital planning policies that properly weigh cyber-risk is prudent.

Cybersecurity: The new pillar of capital planning

The state of healthcare cybersecurity is drawing heightened attention from hospital IT departments to the C-suite to Capitol Hill. Health systems, a frequent target of attacks, are understandably fearful as the pace of attacks eclipses their budgets to defend against them. But comprehensive clinical engineering management coupled with robust cybersecurity assessment can recalibrate the equation.

Health systems can save money and ensure their assets are secure by optimizing medical device inventory and strategically planning capital expenditures with cyber risk in mind.

Editor’s Note: Scott Trevino is senior vice president of cybersecurity at TRIMEDX, and in this capacity, he leads efforts to define the strategy to deliver value, growth, and evolution of TRIMEDX’s cybersecurity solutions. He is responsible for identifying trends in cybersecurity technology, as well as recognizing and anticipating the evolution of clients, market, and industry needs to translate them into market-leading solutions that meet the needs of and bring value to clients.

Medical Device News Magazine
Our publication is dedicated to bringing our readers the latest medical device news. We are proud to boast that our subscribers include medical specialists, device industry executives, investors, and other allied health professionals, as well as patients who are interested in researching various medical devices. We hope you find value in our easy-to-read publication and its overall purpose and objectives! Medical Device News Magazine is a division of PTM Healthcare Marketing, Inc. Pauline T. Mayer is the managing editor.

Experts Views and Opinions

The Hollywood Writers’ Strike and Ethical AI | By Ed Watal, Founder & Principal — Intellibus

Watal writes, "Less than 12 months ago, with the debut of AI-powered ChatGPT, the true power of AI hit the mainstream. Since then, it has established an unshakeable belief in everyone’s minds that artificial intelligence is here to stay and will forever alter a number of industries." What do you think? Read on.

Viraj Gandhi On Automation and Technology – to Drive Progress in Pharmaceutical Manufacturing

This article takes a closer look at the key benefits of automation and technology in pharmaceutical manufacturing and how Medivant Healthcare harnesses these solutions to drive progress across our production facilities. Read what Viraj Gandhi has to say.

Limb Loss and Preservation Registry (LLPR) Transforms Care Through Data and Insights | By Shawn Murphy, Vice President, Thought Leadership & Innovation Foundation...

Shawn Murphy writes, "The Limb Loss and Preservation Registry (LLPR) represents a pivotal development in patient care. It stands as the first collaborative database that unites hospital and health systems, provider organizations such as Accountable Care Organizations (ACOs), Integrated Delivery Networks (IDNs) and orthotic/prosthetic (O&P) practices, focusing on both upper and lower extremity acquired and congenital limb differences, as well as limb preservation populations. This collective effort has the potential to drive substantial advancements in patient outcomes, treatment effectiveness and care quality." Read to learn more.

It Takes an Ecosystem – Bringing Stakeholders Together is a Critical 1st Step to Solving Problems In Healthcare | By Andrew Cleeland, CEO, Fogarty...

Andrew Cleeland writes, "Introducing a new medical therapy or technology is a complex, expensive, and time-consuming journey, one that is fraught with significant risk. While innovation often starts with a clear, well-defined unmet clinical need, it must be paired with an equally compelling value proposition. My mentor, Dr. Thomas Fogarty, once said, “An idea, by itself, has no importance whatsoever; it is the implementation of that idea and its acceptance by others that brings benefit to our patients.” Read on.

Chemotherapy Starts With Scalp Cooling Treatment: The Path to Improved Access | By Claire Paxman, Director of Global Training of Paxman

Paxman writes, "When Real Housewives of Miami star Guerdy Abraira recently proclaimed “Chemo Starts Now” after shaving off her hair before starting her treatment for breast cancer in People Magazine1, this made me realize just how little the general public and even celebrities like Abraria know about the medical technology being utilized today, such as scalp cooling systems, to manage and prevent chemotherapy-induced hair loss." Read to learn more.

By using this website you agree to accept Medical Device News Magazine Privacy Policy