An intriguing infographic arrived in my inbox today. Originating from a U.S. company, it showcased the usual graphs and charts illustrating the effects of cybersecurity breaches on healthcare organizations, along with their financial consequences. However, here in Canada, the outcomes of cyber events seldom revolve around monetary losses or reputational damage. As public institutions, our driving force isn’t profit; instead, it’s the provision of free, high quality, and accessible care. Nevertheless, there were other fascinating statistics that resonated more deeply from a Canadian healthcare perspective – specifically, how a cybersecurity attack could negatively impact patient care and outcomes.

The Patient-Centric Impacts

Patient-centric outcomes following a cyber event span a spectrum, encompassing delays in treatment accessibility and extended hospital stays. However, it’s the increased mortality rate associated with cyber events that is the most shocking. A compelling 2022 Ponemon study established a link between cyber incidents within healthcare institutions and the subsequent negative effects on patient outcomes. As public-sector bodies tasked with providing quality, timely, and safe healthcare to the general population, these metrics should give us pause. Moreover, they provide some degree of legitimacy to what many of us anecdotally suspected – cybersecurity events impacting healthcare institutions cannot help but have negative impacts on patients and their care.

Vulnerabilities in Medical Devices

While the implications for patients are evident, the study further underscores a different area of concern. An astonishing 64% of respondents were concerned about the insecurity of connected medical devices and the risks this posed to their operations. For a multitude of reasons, connected medical technology is undeniably the “weak link” in an organization’s overall cybersecurity posture. Noteworthy takeaways from the study include:

• The average organization supports more than 26,000 network-connected devices.
• 64% of respondents harbor concerns about medical device security.
• Insecure medical devices rank as the leading cybersecurity threat.

Expertise Deficits and the Operational Landscape

Compounding the challenges of addressing these concerns and making progress toward better medical device security is another key factor, also identified in the Ponemon report: a lack of expertise in cybersecurity.

This is a global phenomenon, and when you add in the unique operational environment of Clinical/Biomedical Engineering departments, the pool of available talent becomes smaller still.

Funding Challenges

In Canada, making the business case for spending and adequately resourcing cybersecurity programs, especially within Clinical/Biomedical Engineering, can be challenging. Most available statistics and focus are on the financial penalty to revenue, but as previously mentioned, they are not strong drivers of change in Canadian healthcare. The Ponemon research and other similar studies are finally making a causal link between cybersecurity events in healthcare facilities and negative patient outcomes – something that Canadian hospital administration can understand and utilize when budgets are decided and allocated.

Forging a Safer Path Forward

All these points are hopefully pushing Canadian healthcare facilities to further invest in the systems and people needed to ensure the continued safe availability of healthcare for Canadians. It’s important that we in the Biomedical Engineering community are part of this shift and are engaged in these conversations that will continue to shape and evolve our role within Canadian healthcare.

Are you in Biomedical / Clinical Engineering and need help with the cybersecurity of medical devices? Feel free to reach out – we’re here to help.