Cyberattack Simulation Raises Awareness of Patient Safety Risks

January 22, 2018

GNYHA hosted an interactive cybersecurity event at Northwell Health’s Lenox Hill Hospital on January 16. The program was conceived and executed in partnership with Northwell Health, the FBI/private sector partnership InfraGard, and I Am The Cavalry, a grassroots volunteer initiative focused on promoting public safety in the cybersecurity context. The event featured two simulations of patient care scenarios: hacking an infusion pump and a cardiac pacemaker. Northwell Health and I Am The Cavalry conceived the simulations, which Northwell clinicians and standardized patients carried out live.

The event also included a panel composed primarily of clinicians from GNYHA member hospitals, including Mount Sinai Health System, NewYork-Presbyterian Healthcare System, and Northwell Health. The panelists, all of whom had varying degrees of exposure to cybersecurity education, discussed their reactions to the simulations.

The program’s key takeaways included:

  • Cyber threats are too often misconceived as risks to health information rather than health care. Specifically, medical device security must be considered a matter of patient safety.
  • Since medical devices are not generally designed or maintained with security as a foremost consideration, there is a significant dependence on “undependable technology” in hospitals. Medical device suppliers must be engaged in new and different ways to address this risk, which affects legacy and newer products.
  • There is a pressing need in hospitals for an interdisciplinary approach to cybersecurity that includes clinicians, legal and regulatory, biomedical engineering, emergency management, and information technology.
  • Hospitals must rethink internal policies and procedures to better identify medical device issues that stem from cyberattacks and that should be reported through proper internal and external channels.

GNYHA has an interdisciplinary team of emergency management, health information technology (HIT), and legal and regulatory staff to work collaboratively on cybersecurity programming, policy and regulations, and business offerings. For more information, please contact Laura Alfredo (legal/regulatory), Zeynep Sumer King (HIT), or Jenna Mandel-Ricci (emergency management).