13 AUG 2021
Connected medical devices offer many benefits, helping care teams gain faster access to timely patient information for important clinical decision-making. But more connections can lead to increased security risks if your organization is not taking the right precautions. Here are some helpful tips to keep devices, like cardiac stress testing systems, operating securely.
The world today has never been more connected. There are more apps, more devices and more information available to us than ever before. As consumers, it makes sense to want the pieces of this growing technological ecosystem to connect to one another. As the stress on the global healthcare system continues to increase, it’s paramount we work smarter — not harder — to meet these demands. Today’s technology helps us provide better care for our patients, whether it’s in the hospital, the office or at home. But, with greater connection also comes some risk — and any device connected to the internet can increase that risk.
Cardiac stress test equipment is a perfect example. As these devices increase their connectivity capabilities, they can add to the overall risk profile of a facility. Today’s newer stress systems can connect to EMRs, PACS, or ECG Management Systems, helping care teams save time — and paper — with instant data transfers or reports. We often don’t think about stress test equipment as a risk to our facility because it often “just runs.” However, whether it’s due to a system’s age or its connectivity status, there is always risk with any connected medical device.
Below are a few tips on how to reduce the risk of your cardiac stress test equipment. You can assess your system’s risk with just a few easy questions here.
Although a stress system is composed of a physical cart and possibly a treadmill, administration of the test typically runs from a computer. That computer needs an operating system to run your stress software. Ensure that your operating system is Microsoft® Windows® 10 or higher. When it comes to Microsoft operating systems, anything below version 10 has officially reached end of support from the company.
In 2020, cyberattacks on healthcare institutions doubled from the previous year, and 28% of those attacks were from ransomware.1 Because Microsoft is no longer offering patches or security fixes to systems such as Windows 7 or Windows XP, any device running those operating systems (or older) provides an easy potential access point for hackers.
Continue to take steps to secure any medical device, like adding encryption. On your cardiac stress test equipment, there may be the option to encrypt the system’s database. This can help mitigate the exposure of patient data and information by putting another layer of protection on the system’s computer. On Windows 10-based devices, BitLocker is built-in encryption software that can help give you this protection boost.
In some ways, your stress test system should be treated like any other computer within a healthcare facility. It should be password protected to prevent unauthorized users from walking up to it and accessing important patient data. If possible, connect the stress device to an organization-wide Active Directory for easier access and to ensure only approved users can log on. In situations where that’s not possible, change the device password every 60 days and ensure the password is not written down or stored close to the device.
Set roles and permissions for clinicians that use your stress system to ensure only they can access the data and information on the device. Some examples of roles and permissions available on a stress system (particularly the Welch Allyn® Q-Stress® System, Version 6) are: scheduling procedures, conducting exams, reviewing and signing results, managing the database and more. These roles should be assigned as needed to prevent unauthorized personnel from using the system or making changes to it unnecessarily.
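The operating system, BitLocker and 60-day password tips above can be checked on the device in one pass. This PowerShell audit is an added example, not from the original article or from the manufacturer; it assumes an elevated session on the stress system's Windows computer and a device that uses local accounts, and its variable names are illustrative.

```powershell
#Requires -RunAsAdministrator
# Added example: audit a Windows-based stress workstation against three of the tips above.

$MaxPasswordAgeDays = 60      # rotation interval recommended in the article
$findings = @()

# 1. Operating system: Windows 10 and later report version 10.0.x;
#    Windows 7 (6.1) and Windows 8.1 (6.3) fall below the threshold.
$os = Get-CimInstance -ClassName Win32_OperatingSystem
if ([version]$os.Version -lt [version]'10.0') {
    $findings += "OS: $($os.Caption) ($($os.Version)) is older than Windows 10"
}

# 2. Disk encryption: every volume BitLocker reports should have protection on.
try {
    foreach ($v in (Get-BitLockerVolume -ErrorAction Stop)) {
        if ($v.ProtectionStatus -ne 'On') {
            $findings += "BitLocker: $($v.MountPoint) protection is " +
                         "$($v.ProtectionStatus) (volume status: $($v.VolumeStatus))"
        }
    }
} catch {
    # The BitLocker module is not present on every Windows edition.
    $findings += "BitLocker: could not query volumes ($($_.Exception.Message))"
}

# 3. Local passwords: enabled local accounts whose password has never been
#    set or was last changed more than 60 days ago.
$cutoff = (Get-Date).AddDays(-$MaxPasswordAgeDays)
foreach ($u in (Get-LocalUser | Where-Object Enabled)) {
    if (-not $u.PasswordLastSet) {
        $findings += "Password: local account '$($u.Name)' has no recorded password change"
    } elseif ($u.PasswordLastSet -lt $cutoff) {
        $age = [int]((Get-Date) - $u.PasswordLastSet).TotalDays
        $findings += "Password: local account '$($u.Name)' last changed $age days ago"
    }
}

# Report: one warning per finding, or a single line when all checks pass.
if ($findings.Count -gt 0) {
    $findings | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output 'No findings: OS version, BitLocker and local password age checks passed.'
}
```

On a device joined to Active Directory, password age is governed by domain policy, so the third check only covers any remaining local accounts.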
So far, these tips have been focused on reducing the security threats healthcare facilities face on a day-to-day basis. Risks also come in the form of a stress system going down and causing delays in collecting test revenue. Whether it’s the software, the treadmill or even the acquisition module being dropped on the floor, there’s a possibility stress test equipment may need to be fixed. With a service contract, many manufacturers will cover and fix almost every part of the system and its treadmill. Organizations such as Hillrom also have service centers across the country that can deploy technicians to come in and fix equipment at your facility — this is especially important for stress systems that can only be maintained through in-person visits due to their size.
Regular preventative maintenance is also key to ensuring your stress system is functioning as it should be. This can be achieved through a service contract or managed separately. Preventative maintenance is often focused on a treadmill or ergometer, but can apply to the stress cart. With regular maintenance, your stress system and treadmill can be tuned up and a field service technician can identify any parts or pieces that may need to be swapped. With a service contract, many of those parts will be covered and you can continue to conduct tests without the fear of losing revenue.