[toshik (OP)]

Hi All!

Please, share your opinion or experience on how to make sure our lab equipment is safe from any cyber threats?

We have different clinical diagnostics devices (blood and plasma screening, hematology analyzers, immunodiagnostic system, urine testing etc.) by Abbott, Roche, Bio-Rad and other companies. Many of them are connected to the Net... 

[wolfekeeper]

Well do you have backups? How are you handling potentially sensitive patient data from spyware, hacking etc? Are all your systems regularly updated with the latest software to help prevent malware? Are any passwords there may be, have they been changed from the defaults?

[evan_au]

If you need to transfer some test results to a medical practitioner, do you send them as an unencrypted email, or is there some government-sponsored health record where you can upload the test results as an encrypted transfer, and the medical practitioner can download the results as an encrypted transfer?
You could also install a "firewall" between your lab network and the public internet. This can block some threats, and take records that highlight when you have been hacked from the public internet.

A lot of threats come from inside your network - how do you screen your staff?
- How would you prevent members of the public from accessing your systems if they were left alone in your clinic (logging off when leaving the room might help).

[toshik (OP)]

Yes, we do have backups for the major part of the files. We also use firewalls, passwords mainly are updated (at least at the newer devices we got when I joined the lab, but I’ll have to check the old ones too).

The problem is the testing equipment comes from different suppliers, and they have different approaches to the security issues .
There are also some old testing devices that I don’t know how to protect them from the cyber threats (some of them don’t have manuals, and for those that still have  manuals – there is nothing about cybersecurity, there was no such topic in their times ).

Please, share your ideas how to deal with these issues?

Well do you have backups? How are you handling potentially sensitive patient data from spyware, hacking etc? Are all your systems regularly updated with the latest software to help prevent malware? Are any passwords there may be, have they been changed from the defaults?

[toshik (OP)]

Thanks for replying, Evan!
We use a “firewall” and we send the test results via secured emails or print it out for the clients. And yes, the staff security education is not easy at all, even if logging of is not a complicated thing to do people still forget to do it pretty often:/ Alancalverd has shared his experience in another thread (and he mentioned your reply there!)) about his lab’s employee who plugged his own laptop into the lab’s system... and got fired.

Could you recommend how to protect not only the patients’ data, but also the testing equipment itself? Knowing that the suppliers are different, and having in mind there are both brand new and good-old devices?

If you need to transfer some test results to a medical practitioner, do you send them as an unencrypted email, or is there some government-sponsored health record where you can upload the test results as an encrypted transfer, and the medical practitioner can download the results as an encrypted transfer?
You could also install a "firewall" between your lab network and the public internet. This can block some threats, and take records that highlight when you have been hacked from the public internet.

A lot of threats come from inside your network - how do you screen your staff?
- How would you prevent members of the public from accessing your systems if they were left alone in your clinic (logging off when leaving the room might help).