Medical Device Cybersecurity Risk Assessments: Engaging Clinicians to Mitigate Threat

Author

Nicole A. Mohiuddin, James Madison UniversityFollow
Nicole A. Mohiuddin, James Madison University

Preferred Name

Nicole

Creative Commons License

This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 4.0 License.

Date of Graduation

12-16-2023

Document Type

Dissertation

Degree Name

Doctor of Nursing Practice (DNP)

Department

School of Nursing

Advisor(s)

Dr. Jeannie Corey

Dr. Toby Gouker

Abstract

Much of healthcare practice relies on computers, data and the Internet. This is especially true in the use of medical devices which are connected to the Internet and require strong cybersecurity protocols to ensure their data is secure. Technical advances have resulted in transformations to health care delivery, which have the capacity and capability to improve patient care. A prime example is the increase in interconnectivity between medical devices and other clinical systems. This interconnectivity leaves medical devices vulnerable to security breaches in the same way other networked computing systems are vulnerable (Williams and Woodward, 2015). However, unlike other networked computing systems, there is an increasing concern that the connectivity of medical devices will directly affect clinical care and patient safety. The project executed was an evidenced-based cybersecurity risk assessment of medical devices in use at a health system in the southern United States. The Center for Internet Security Risk Assessment Method (CIS RAM) was the tool chosen for the risk assessment. The assessment identified clinically relevant medical devices with cybersecurity risks and their severity. Clinicians were provided medical device cybersecurity education and were engaged to use the CIS RAM methodology while ranking high risk medical devices according to clinical workflow inconvenience and potential to harm patients. Clinicians provided feedback regarding proposed risk mitigation strategies for the health system to develop a plan to address high risk medical devices. This project serves as an exemplar for other hospitals to include clinical leaders in medical device cybersecurity risk assessments and underscores the value they bring to mitigation of cybersecurity threats.

Recommended Citation

Mohiuddin, Nicole A. and Mohiuddin, Nicole A., "Medical Device Cybersecurity Risk Assessments: Engaging Clinicians to Mitigate Threat" (2023). Doctors of Nursing Practice (DNP) Final Projects, 2020-current. 29.
https://commons.lib.jmu.edu/dnp202029/29