Connecting medical devices to healthcare provider networks can result in better patient experiences, increased data accuracy, better management of prescription administration, lower costs, and improved outcomes. There’s a significant challenge that comes along with all those benefits, however. An expanded network of MedTech, including Internet of Things (IoT) technology and patient monitoring devices both inside and outside the hospital, can create a risk to healthcare cybersecurity.
Cybersecurity Risk in Healthcare
Hackers can leverage security vulnerabilities that may exist in MedTech devices and healthcare technology systems to take control of them, use them to gain access to the healthcare provider’s network, alter code to have the technology perform in different ways, or leverage the devices to carry out widespread attacks.
This is more than conjecture. The College of Healthcare Information Management Executives (CHIME) and healthcare IT research firm KLAS polled almost 150 healthcare IT and infosec leaders and found that 18 percent of healthcare organizations report that malware or ransomware has infected or impacted medical devices. Although only a few of the incidents that took place over 18 months from 2017 to 2018 resulted in data breaches or an audit by the Office for Civil Rights, they undeniably raised concerns. More than 60 percent of the survey respondents lack confidence that their health systems’ strategies are adequate to defend against those types of attacks. Furthermore, 96 percent of those polled point the finger at device manufacturers as the source of security vulnerabilities.
Prepare MedTech Sales Teams to Answer Questions
With rising concerns over medical device security, your sales team may encounter skeptical prospects who want to know if your MedTech systems are vulnerable. Here are five points to keep in mind as you prepare your sales reps to answer cybersecurity-related questions about your products.
When a prospect brings up the subject of device or endpoint security, the worst-case scenario in a sales meeting is not having an answer. Although your organization may have an aggressive strategy for device security and staying in front of new threats, if your sales team isn’t ready to communicate your plan, the prospect may conclude cybersecurity isn’t one of your priorities. Provide your sales team with training on healthcare cybersecurity issues relevant to the type of systems you sell and how you address them.
Don’t Downplay the Gravity of the Situation
Healthcare cybersecurity is a serious matter. Security breaches can put vital data, patients’ privacy, and their well-being at risk. It’s also detrimental to the healthcare organization itself. The U.S. Department of Health and Human Services Office for Civil Rights investigates healthcare data breaches and can levy large fines. Information on investigations is public and often fodder for reputation-damaging headlines. Don’t attempt to downplay how detrimental a security vulnerability can be to your prospect or their patients.
Don’t promise to be 100 percent secure. No one can guarantee that. Cybercrime is a lucrative business, so hackers are motivated to find ways to make it work. It seems like as soon as you fix an application or firmware vulnerability, hackers have found something new to exploit. Don’t promise something you can’t deliver.
Understand That Security is Everyone’s Responsibility
Your sales team should also communicate that your MedTech company will do its part to keep devices and data secure, but cybersecurity takes an organization-wide effort to be effective. Cyber risk management and HIPAA compliance solutions provider Clearwater found nearly 37 percent of all critical risks are related to user permissions, authentication, and endpoint data leakage, and 90 percent of providers have policies in place but don’t adequately implement them. Be willing to talk to the healthcare organization’s information security team about how to most securely implement your devices or systems.
Speak Their Language
Healthcare providers are receiving guidance on the secure deployment of medical devices, including the Medical Device Cybersecurity Regional Incident Preparedness and Response Playbook from the FDA and MITRE, and the Open Web Application Security Project (OWASP) Secure Medical Device Deployment Standard. Familiarize your sales team with how your systems comply with these standards and align with the security and vendor support evaluations and privacy impact assessments your prospect will perform.
Differentiate Your Business with the Right Approach to Healthcare Cybersecurity
Healthcare providers want the assurance that there aren’t risks associated with using your MedTech system that will outweigh the benefits. Assure your customers and prospects that your organization makes cybersecurity a priority, and, even if there has been an issue in the past, you responded promptly and effectively.
How you address this challenge can demonstrate that your MedTech company is a reliable and trustworthy partner that is committed to cybersecurity with the goal of preserving patient safety and privacy.
About the Author
Carevoyance contributor Bernadette Wilson of B Wilson Marketing Communications is an experienced journalist, writer, editor, and B2B marketer, specializing in content for technology companies.