Why is the healthcare industry still so bad at cybersecurity?

Would you rather talk to your doctor about your healthcare regime, or patch management for your implanted device?…

[…] “I have a lot of patients that I need to take care of, and I have only a finite amount of time to take care of them,” said Dr. Christian Dameff, Tully’s co-founder and the medical director of cybersecurity at the University of California, San Diego. “Even with my cybersecurity expertise and my understanding of these problems, I still really wrestle with the thought of, ‘If I’m only going to see this patient for 15 minutes and might not ever see them again, do I talk to them about patching their pacemaker, or do I talk to them about their horribly uncontrolled diabetes and high blood pressure? Ideally, those things would not be mutually exclusive, but that’s just not the reality of modern medicine and modern healthcare.”

It’s a problem that Dr. Suzanne Schwartz, associate director for science and strategic partnerships in the Food and Drug Administration (FDA)’s Center for Devices and Radiological Healthsays is the organization’s biggest challenge. How can medical professionals bring in patients and providers who need to be aware of and participate in cybersecurity-related discussions across the industry? It’s why the FDA convened a public meeting of its patient engagement advisory committee meeting last fall to specifically discuss medical device cybersecurity. (An entire webcast of the seven-hour event is still available online.) […]

Original article here