Medical Device Security: Ensuring Data Integrity

Print Friendly, PDF & Email

Improving modern medicine is probably the most pro-social way we can put our technological prowess to work. And one of the best ways to make healthcare smarter, more accurate and more engaging is by gathering data on a huge scale and then using it to gather insights into individual patient conditions as well as the effectiveness of treatments over a much broader scale. That makes big data one of the most important allies in our quest for a more efficient and equitable healthcare model.

But the sheer amount of data generated by medical devices, patient records and drug trials makes keeping this data secure a huge uphill battle.

How Much Data Are We Talking About Here?

Just how much data is in the mix here? And, more importantly, what are we using all of it for? According to estimates, healthcare is responsible for about 30 percent of all data generated. Each human patient churns out about 80 megabytes’ worth of text and imaging files per year, which is ultimately destined for their electronic health record. That doesn’t sound like much, but it adds up to a lot of data. Unfortunately, most of this data is potentially going to waste. That’s according to a report published by the University of Michigan in the Journal of the American Medical Association.

In other words, it’s not always about collecting more data — sometimes you just need to know how to put it to work. Flatiron Health lays out the stakes this way: About 96 percent of the existing data that might have a bearing on finding a cure for cancer hasn’t been analyzed yet.

In yet other words, data needs a problem to solve — and there’s no shortage of those in medicine:

  • Medical research: Big data provides larger and more diverse data pools than ever, which aids in drug discovery and makes clinical and research trials more efficient and targeted than ever.
  • Patient engagement: Data-gathering wearables and home appliances improve patient engagement and “gamify” the collection of some health records, including activity levels.
  • More accurate diagnoses: Healthcare systems and hospitals stake their profitability and reputations on making quick and accurate diagnoses. Now, AI can make even more accurate diagnoses by taking a holistic dive into a patient’s entire medical history.

Needless to say, medical devices and healthcare apps contain data on some of the most sensitive portions of our daily routines and our relationships with our physicians. It’s really no wonder, then, why healthcare data has emerged as one of the most attractive nuisances in the world when it comes to data thieves. Medical records now represent the most convenient way for identity thieves to commandeer your life. In the first quarter of 2018, about 1.13 million electronic health records were lifted from data centers in 110 separate data breaches. Specifically, the target was patient was billing information.

Protecting patient records protects our healthcare systems, too — from lost profits and perhaps even irretrievably lost public trust. So what’s to know?

How Can Data Generated by Medical Devices Remain Safe?

Between 2015 and 2016, one-third of hospitals indicated they would begin spending more money on cybersecurity. But what’s worth spending money on, exactly? Here are some measures worth taking to secure patient health records, most of which should be familiar to early adopters of HIPAA standards:

  • Commit to regular security audits: The medical community is no stranger to third-party audits. The same vigilance and attention to detail paid to medical devices themselves must also be paid to hospital wireless networks and the databases housing patient records.
  • Isolate IoT devices on their own network: The WannaCry and Petya ransomware attacks were successful because they leveraged networked devices that, despite not being very secure, weren’t siloed on their own network. Healthcare systems can take this lesson to heart by separating network traffic with security in mind.
  • Sharpen your employee security training: We focus on outside attacks, but employee negligence is an enduring source of lost records in the healthcare setting. It’s also possible you’ll see employee vigilance wane if you’re not regularly having your IT department send fake phishing attempts through workplace email accounts, or otherwise having them weigh in on matters of cybersecurity importance, like good password hygiene, best practices for bring-your-own-device environments and more.
  • Vet third-party data partners carefully: You don’t always have to use just your own judgment when you’re building relationships with other organizations for data management, analysis or storage. There are resources like the Provider Third-Part Risk Management Council that can ensure you’re making the right choice.

According to research, we can expect the accumulation of healthcare data to rise by 40 percent each year. With only more data to store and transmit securely, it’s clear healthcare administrators need to take the risks of big data as seriously as they take the advantages. Putting all of this data to work in medicine, securely, is absolutely possible — provided the right precautions are taken.

There’s Interest on Both Sides

Clearly, there’s interest on both sides of the doctor-patient relationship when it comes to using big data to improve treatment and outcomes. According to polling conducted by Stanford University, 62 percent of patients would be willing to incorporate a medical device into their life if it came from an insurance company or from a hospital. Trust in doctors ran even higher, with 65 percent indicating their approval of the idea of a doctor-run medical device program.

But realizing all of this potentially life-changing potential means getting more serious about how we handle patient data. Most of the groundwork has been laid already thanks to HIPAA and similar legislation, but that doesn’t mean healthcare companies have stopped receiving fines for noncompliance. Quite the contrary.

Security-mindedness is still very much not something being taken for granted — and still a competitive advantage for those who take it seriously.

About the Author

Contributed by: Kayla Matthews, a technology writer and blogger covering big data topics for websites like Productivity Bytes, CloudTweaks, SandHill and VMblog.


Sign up for the free insideBIGDATA newsletter.

Speak Your Mind



  1. Informative Insights! Thanks for sharing it. I agree with you, security should not be taken for granted. Keep sharing.

  2. Thanks for sharing, i must add The HIPAA Privacy Rule was intended to secure a person’s well being data that is held by HIPAA secured substances and their consequent business partners (BAs). In addition, the Rule gives patients various rights concerning that data. It is additionally imperative to recall however, that the Privacy Rule likewise allows the exposure of well being data important for specific reasons, including quiet care.

  3. Thank for sharing this , it helped me a lot.

  4. Thanks for sharing. Great post

  5. Thanks for sharing such great informative content about medical device security.