MITA white paper offers suggestions to amp up cybersecurity

Cybersecurity best practices and standards adopted by manufacturers and healthcare providers are the best way to fight off attacks, according to a white paper published by the Medical Imaging & Technology Alliance (MITA), a division of the National Electrical Manufacturers Association (NEMA).

The white paper, Cybersecurity for Medical Imaging, addresses how cyberthreats pose a significant risk to patient safety and to clinical and business continuity in the practice of medical imaging, and why a combination of people, processes and technologies is needed to mitigate these risks.

"We need to work together to develop and understand promising new technologies, solutions and approaches," said Raymond Geis, the IT Commission Vice Chair for the American College of Radiology, in a release. "Not only are users, enterprise IT departments and manufacturers struggling to keep up with the current milieu, this will become even more challenging with the Internet of Things [IoT] and demands for more interoperability and data exchange among disparate medical enterprises."

As imaging devices become increasingly connected to networks, a lack of IT security poses a significant risk not only to clinical and business continuity, but also to patient safety. Most, if not all, imaging technologies rely on digital technology, software and hardware connected to the IoT, which can make these systems vulnerable to cyberattacks, according to MITA.

According to the white paper, “advancing cybersecurity measures within healthcare and public health relies upon a ‘whole of community’ approach, requiring manufacturers, installers, service staff and healthcare providers alike to accept shared ownership and responsibility.”

According to MITA, manufacturers should:

  • Define a way to continuously monitor vulnerabilities to detect patches and updates that will address functionality or repair vulnerabilities that might affect a particular device.
  • Validate all software changes that address cybersecurity before installation to ensure that the functionality of the device has not been compromised.
  • Consider options for multifactor authentication, including password fields allowing more easily remembered user-generated passwords and biometric identification.
  • Allow healthcare providers to know the type and status of security software installed within devices, as well as the current status of security upgrades.

Once installed, equipment operators and healthcare organizations should:

  • Deploy firewalls and make other provisions to safeguard their networked medical devices.
  • Be aware of cybersecurity threats and train personnel to mitigate risks.
  • Audit logs for imaging equipment and imaging informatics systems.

“Well-structured and governed collaboration in this complex ecosystem of people, processes and technology is required to safeguard the patients’ protected health information and their physical safety,” said Rik Primo, chair of the medical imaging informatics section of the MITA Cybersecurity Taskforce.


Beth Walsh, Editor

