Cybersecurity Threats Demand New Skills From Clinical Engineers

By Eddie Myers, Crothall’s Program Manager for Cybersecurity Solutions

Imagine this realistic scenario where Crothall’s Healthcare Technology Solutions could be called upon to help one of our hospital clients recover from a cyberattack. It goes like this:

A hospital employee saves data on a USB drive. But unknown to the employee, a cybercriminal has placed malicious software on the drive. Once placed on the hospital’s computers, the malicious software is activated and infects much of the computer network.

Several medical devices, such as the MRI machines, CT scanners and nuclear medicine cameras are now inoperable. As a result, the emergency room can’t help patients that need these scans and surgeries need to be rescheduled.

As Program Manager for Cybersecurity Solution, I help Crothall clients’ protect their medical devices from computer viruses, cyberattacks and to ensure HIPAA security compliance.  If this scenario ever happens, our Crothall team will be called in to help restore our client’s operations. This means coordinating our technicians on the ground and launching a remediation plan to remove infected devices, reload the operating system and software and install proper patches to prevent another outbreak.

New Technology is Changing Our Role

Advances in technology have helped our clients connect many more medical devices to their networks along with medical device manufacturers utilizing computers to control medical devices. This has caused a large shift in our industry compelling Crothall to invest heavily in new skills around IT for our technicians.

In the old days – which wasn’t long ago – we focused on providing technical knowledge and expertise on a wide range of medical devices. But now our scope of responsibilities are much greater.  With the networking of medical devices in a hospital, if the network breaks down, those devices go down, too.

Compounding the problem is that the healthcare industry has been slow to respond to cyber threats. Few people in the industry dreamed that hackers would want to access hospital systems. And because medical devices were designed to provide life-saving scans, tests and results, manufacturers didn’t begin incorporating software patches and other cybersecurity solutions until recently.

That is where Crothall Healthcare Technology Solutions comes in.  Our program positions our team to respond and support our clients in challenging cybersecurity incidents. The ISACA, the global association for information technology professionals believe the US will have a shortage of about 2 million skilled cybersecurity professionals this year. If we can fill that role, we can become a human firewall that can help against cyber breaches.

More Education Needed

Just as we send our technicians to school and receive training for new medical devices, Crothall also recognized the need for training our technicians in information technology.  By investing in IT training, Crothall is empowering its technicians with a new toolset to help better communicate with their IT counterparts to both facilitate medical device integration and to be prepared to respond in the event of a cybersecurity incident.

As an industry, clinical engineers need a more in-depth understanding of computers, networks and security. Fortunately, Crothall is investing in our technicians and building an infrastructure of expertise starting with CompTIA IT Fundamentals for every technician, advancing to area experts with CompTIA A+ certification, and regionally developing Cybersecurity experts with even more advanced training.  We challenge our team to not only stay current in medical device cybersecurity developments but to be informed constantly about the changing cybersecurity landscape.

Our team’s expertise assists our clients to better understand vulnerable points on their production network, as well as any gaps in information security compliance.  As Program Manager for Cybersecurity Solutions, I meet with our clients to update them and discuss how their IT systems can be used to reduce their risk. Healthy patients need healthy networks and medical devices.  Crothall stands ready to help.

Our priority is how the devices we service fit into a hospital’s network, which includes MRI and CT machines, and infusion pumps, which deliver insulin or other hormones, antibiotics, chemotherapy drugs, and pain relievers. If these devices are compromised by a cybersecurity attack or a virus it could cause patient harm, and incorrect diagnosis or even patient death.

Making Us Better Partners

Continuing education is critical because it’s likely the criminals seeking to hack healthcare networks will continue to ply their trade. Because many hospitals keep electronic records of their patients, hackers see an enormous opportunity to steal this information and sell it for personal gain. These records contain even more information about a person that is valuable to other criminals – including their telephone number, social security number, street address and medical and treatment history.  And all it is tied into their bank accounts and credit cards.

I’m convinced that with more advanced education and training, clinical engineers can be a human firewall that can help against breaches. Basic training in information technology will allow us to have a new set of tools to better communicate with our client’s IT team during any future cyberattack. Taking this step will only enable us to better safeguard the medical devices patients need and help our clients see us as critical partners.