This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.

 Today in Health it, this story is biomed device security. I know really sexy topic for this Tuesday. My name is Bill Russell. I'm a former CIO for a 16 hospital system and creator of this week in Health IT a channel dedicated to keeping health IT staff current. And engaged. I wanna thank our sponsor for today's Sirius Healthcare.

They've reached out to me roughly about this time last year and said, we love what you're doing and really appreciate your mission to develop the next generation of health leaders. And the rest is history. They've been sponsoring the show ever since. If you believe in our mission as well and wanna support our show, please shoot me a note at partner at this week in health it.com.

Alright, onto today's story. . This comes from health it security.com. The story's by Jessica Davis. Uh, it's covered in a lot of different places, but I, I like this version the best. Anytime I'm looking at a security story, I go to the health it security.com website. Okay, here it is. The Food and Drug Administration recently named Kevin Fu.

That means no more resources at Microsoft are working on Windows xp. That device that's connected to you in the hospital bed, it may be running on a bug ridden and and whole infested software. All right, back to back to, sorry. That was my rant. Back to the article. FU is an associate professor of electoral engineering and computer science at the University of Michigan and a Dwight e Harken memorial lecturer.

Food is tasked with working to bridge the gap between medicine and computer science, as well as supporting manufacturers in protecting medical devices from digital security threats. This is so needed and has been needed for so long. I'm gonna keep going through the article. Medical device security is a massive challenge for the, a majority of healthcare organizations, troves of connected medical devices in complete inventories and heavy.

Reliance on legacy platforms have left many entities vulnerable to attacks. In fact, I mean, my story on this is we went to our manufacturer and said, look, we, we can't be running on Windows XP anymore. We need this to be updated. And they said, you don't understand the process. We would have to go back to the FDA, get this entire device recertified, and you're talking literally months, if not years, to get that device recertified.

And they essentially said, we know that Windows XP is end of life, but we're not ready to turn it over, and it might be a year or two before we're ready to do that. So we had to come up with workarounds around utilizing Windows XP as one of those devices, or replace all of those devices across our health systems.

And when you're talking about a 16 hospital system, that's. Millions of dollars. That's a lot of coordination. Clearly you want to get ahead of this stuff, but that is a significant project. Alright, back to the article, what's worse? Nation state actors and other cyber criminals have launched multiple campaigns that target these weaknesses, which has become a serious risk to patient safety.

Which is much needed to tackle these risks As first acting director of medical device security, the needed collaboration and shift into stronger medical device infrastructure could be within reach to FU Manufacturers need to better understand the need to build cybersecurity into the design of devices to get there, engineers, patients, clinicians, and legal experts.

Need to be brought to the table during the design process. The other challenge is that medical devices rely on complicated software systems, which don't always follow much needed privacy and security standards through stress that there needs to be stricter requirements for medical device design. You can't simply sprinkle magic, security pixie dust.

After designing a device, FU explained to the University of Michigan, whether for manufacturers or the internet of things or medical devices, we're not providing the necessary level of security engineering training that companies need right now. Though I'm focused on medical device safety, FU concluded.

Regardless, we welcome it and we welcome Dr. Fu into . This role. If I were a health system today, if I were in ACIO role, I might dust off my biomed device cybersecurity plan. I, I wouldn't imagine there's too much dust on it, to be honest with you. Make sure you're ready. I. For what is bound to be coming from the FDA, by the time it comes down as a regulatory mandate at the federal level, you are behind.

Uh, I, I'm really getting tired of, uh, you know, federal mandates coming down and then health systems rallying around the American Hospital Association and others to try to combat against this, oh, it's moving too fast, and those kind of things. We should be ahead of these things. We should know that they're coming.

We should have plans around these things, and I realize that some health systems are understaffed in this area, but if you're listening to the show, you now know that . Kevin Fu has been identified and appointed to this role. Therefore, he is going to be pushing things down that are going to impact your health system.

Try to stay ahead, know what's coming, and be ready to strengthen this much needed area. That's all today. If you know someone that might benefit from our channel, please forward them a note. They can subscribe on our website this week, health.com, or wherever you listen to podcast Apple, Google. Overcast, Spotify, Stitcher, you get the picture.

We're everywhere. We wanna thank our channel sponsors who are investing in our mission to develop the next generation of health leaders, VMware Hillrom, Starbridge Advisors, McAfee and Aruba Networks. Thanks for listening. That's all for now.