Lack of cyber security puts patients in B.C. at risk

Cover page of audit report on cyber security threats to medical devices  Photo courtesy Office of the Auditor General of British Columbia
Cover page of audit report on cyber security threats to medical devices Photo courtesy Office of the Auditor General of British Columbia
Lisa Cordasco - CHLY - NanaimoBC | 09-02-2021

British Columbia's Auditor General is advising health authorities to examine the security of their medical devices, after an audit of the province's largest health care delivery organization.  Michael Pickup's office analyzed the security systems in place to protect medical equipment owned by the Provincial Health Services Authority.  It found the PHSA has not kept an accurate inventory of the more than 18,000 devices it uses on patients on the lower mainland.  The audit says the PHSA has not evaluated cyber security threats and their potential harm to patients.  It concludes the lack of monitoring and control means the health authority is incapable of knowing when a cyber attack happens.  Pickup says the consequences could be disastrous for patients undergoing MRIs or those hooked up to automatic medication dispensers or dialysis machines, for example.

Pickup says although his audit focused on the Provincial Health Services Authority, he is recommending all health authorities study the report and apply its four recommendations.  They include the need to identify, control and monitor the use of all hardware and software on medical device networks, and evaluate cyber security threats to them.  The PHSA says it has accepted all four recommendations and is taking steps to implement them.