IU Health in Indianapolis launched an innovation lab to test the security of medical devices the health system uses for patients, Inside Indiana Business reported July 29.
The COVID-19 pandemic was a big driver in IU Health's decision to open the lab, IU Health Director of Information Services Nick Sturgeon told the publication.
"Obviously, COVID played a huge part in realizing that relying on other folks may not best meet our needs," he said. "We want to test these devices ourselves and tell our patients we have the utmost confidence in these devices that we’re putting in patient settings."
The new lab is testing the cybersecurity of about 15 devices, including anesthesia and electrocardiogram machines, infusion pumps and patient monitors. The security team is essentially trying to hack the devices "as a bad guy would hack it," Mr. Sturgeon said.
"That's the advantage we have as [IU Health's Security Research] Red Team; we view things from the perspective of these 'bad actors.' We can look at areas that maybe an operational IT person wouldn't look at, because they may be just worried about keeping the lights on and making sure it’s functioning," he said.
The lab will use its research to alert manufacturers or other hospitals of vulnerabilities they find so they can be resolved. It also plans to share its findings with the professional security community through peer-reviewed journals.