Securing Problematic 'Legacy' Devices: Be Part of Procurement, Push for Info

Typically a “legacy” describes the lasting impact of an influential person or movement, most often in a positive sense. Not so with medical devices. When legacy is applied to a CT scanner, infusion pump or even the information technology (IT) that runs them, it typically means bad news.

Legacy devices are one of the “key challenges” facing every health care organization, said Kevin Fu, and what to do about them “is the elephant in the room.” Such devices will always exist, he said, and “the challenge is going to be, how do we manage that legacy [device] in a very controlled manner?”

It turns out that Fu—and emergency room physician Dr. Christian Dameff—actually have quite a few recommendations for what to do about these devices. In addition to suggestions that involve government action, they offer strategies that health care organizations can implement to prevent cybersecurity incidents and breaches involving what are often life-saving machines.

In February 2021, Fu, an associate professor of electrical engineering and computer science at the University of Michigan, began a one-year position as the inaugural acting director of medical device cybersecurity at the Food and Drug Administration (FDA) Center for Devices and Radiological Health. Dameff is medical director of cybersecurity for UC San Diego Health and assistant professor of emergency medicine, biomedical informatics, and computer science at the University of California San Diego.

This document is only available to subscribers. Please log in or purchase access.
 


Would you like to read this entire article?

If you already subscribe to this publication, just log in. If not, let us send you an email with a link that will allow you to read the entire article for free. Just complete the following form.

* required field