Preferred Name
Nicole
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Date of Graduation
12-16-2023
Document Type
Dissertation
Degree Name
Doctor of Nursing Practice (DNP)
Department
School of Nursing
Advisor(s)
Jeannie Corey
Toby Gouker
Abstract
Much of healthcare practice relies on computers, data and the Internet. This is especially true in the use of medical devices which are connected to the Internet and require strong cybersecurity protocols to ensure their data is secure. Technical advances have resulted in transformations to health care delivery, which have the capacity and capability to improve patient care. A prime example is the increase in interconnectivity between medical devices and other clinical systems. This interconnectivity leaves medical devices vulnerable to security breaches in the same way other networked computing systems are vulnerable (Williams and Woodward, 2015). However, unlike other networked computing systems, there is an increasing concern that the connectivity of medical devices will directly affect clinical care and patient safety. The project executed was an evidenced-based cybersecurity risk assessment of medical devices in use at a health system in the southern United States. The Center for Internet Security Risk Assessment Method (CIS RAM) was the tool chosen for the risk assessment. The assessment identified clinically relevant medical devices with cybersecurity risks and their severity. Clinicians were provided medical device cybersecurity education and were engaged to use the CIS RAM methodology while ranking high risk medical devices according to clinical workflow inconvenience and potential to harm patients. Clinicians provided feedback regarding proposed risk mitigation strategies for the health system to develop a plan to address high risk medical devices. This project serves as an exemplar for other hospitals to include clinical leaders in medical device cybersecurity risk assessments and underscores the value they bring to mitigation of cybersecurity threats.
Recommended Citation
Mohiuddin, Nicole A. and Mohiuddin, Nicole A., "Medical device cybersecurity risk assessments: Engaging clinicians to mitigate threat" (2023). Doctors of Nursing Practice (DNP) Final Projects, 2020-current. 29.
https://commons.lib.jmu.edu/dnp202029/29