Dive Brief:
- The HHS Office of Inspector General has found Medicare lacks consistent cybersecurity oversight of networked medical devices in hospitals. Without proper cybersecurity controls, these devices can be compromised with the potential for patient harm, according to OIG.
- CMS’ survey protocol is devoid of requirements for networked device cybersecurity. OIG’s review revealed Medicare accreditation organizations that could use their discretion to assess cybersecurity during hospital surveys rarely use that power.
- The shortcomings in oversight led OIG to recommend that CMS works with HHS and others to address cybersecurity as part of its quality oversight of hospitals. CMS concurred with the need to consider ways to highlight cybersecurity but OIG wants the agency to go further.
Dive Insight:
The OIG report’s findings highlight potential cybersecurity vulnerabilities as ransomware attacks on hospitals have jumped during the COVID-19 pandemic. Networked medical devices, which connect to the internet, hospital networks and other devices, are particularly vulnerable to hackers putting patients at risk.
The HHS watchdog noted that a large hospital…
