The inspector general’s office at the U.S. Health & Human Services Dept. plans to investigate the security of networked medical devices in hospitals, according to the HHS OIG’s work plan for fiscal 2016.
“We will examine whether FDA’s oversight of hospitals’ networked medical devices is sufficient to effectively protect associated electronic protected health information (ePHI) and ensure beneficiary safety,” according to the OIG’s work plan.
“Computerized medical devices, such as dialysis machines, radiology systems, and medication dispensing systems that are integrated with electronic medical records (EMRs) and the larger health network, pose a growing threat to the security and privacy of personal health information,” according to the plan. “Such medical devices use hardware, software, and networks to monitor a patient’s medical status and transmit and receive related data using wired or wireless communications.”
The HHS dept. isn’t the only federal agency that’s concerned about the growing “Internet of Things.” In September the FBI warned that the increasing number of web-connected devices “increases the target space for malicious cyber actors” looking to exploit vulnerabilities.
The FBI’s warning covers medical devices that collect and transmit data or dispense medicines, including wireless heart monitors and insulin pumps.