Healthcare Providers’ Readiness to Address Medical Device Cybersecurity within the Irish Healthcare System

Abstract

Medical devices that can diagnose and treat critically ill patients have become sophisticated and complex. Device manufacturers have been developing these systems to meet market requirements as technology evolves. Combining medical devices and ICT into a distributed medical device IT system can be a solution to incorporating continuous monitoring from the patient bedside to interoperability with a clinical information system. These technology innovations aim to manage patient data and configure medical devices into networked systems that can provide functionality and safety. The implementation of a medical device network solution allows a healthcare provider to take advantage of managing the flow of information to improve clinical work practices and implement a system that can be interoperable with other clinical information systems. International Electrotechnical Commission (IEC) 80001-1 was developed to assist healthcare providers in identifying and managing the risks associated with medical devices sharing the same IT network with other systems and software. This standard defines roles, responsibilities, and activities in relation to the management of risk with medical devices on an IT network. This study aims to determine if the standard International Electrotechnical Commission (IEC) 80001-1 is being implemented and determine familiarity with regulations and appropriate standards and guidance for an effective medical device security risk-management program with Irish healthcare providers. A literature review highlighted the restrictions healthcare providers face in adopting and implementing IEC 80001-1 and the security threats and risks present when integrating medical devices and IT networks. The study research was conducted with clinical engineering members of the Biomedical and Clinical Engineering Association of Ireland (BEAI). This survey targeted BEAI members due to their wealth of experience, knowledge, and skill level in supporting complex medical device systems. An online anonymous survey was created to determine knowledge, awareness, and familiarity with IEC 80001-1 and other medical device security risk-management guidelines. The study research results revealed low knowledge, awareness, and familiarity among research participants with IEC 80001-1 and guidelines on medical device security risk management. These results were consistent with the literature review that a key to the success of standard adoption is collaboration between stakeholders and a multidisciplinary approach to compliance.