On June 23, the Department of Health and Human Services Office of Inspector General (OIG) posted on its website an Issue Brief entitled “Medicare Lacks Consistent Oversight of Cybersecurity for Networked Medical Devices in Hospitals.” According to the OIG, the Centers for Medicare & Medicaid Services should amend interpretative guidelines or other nonbinding guidelines, or add specific standards to the existing Medicare Conditions of Participation, to ensure that hospitals focus on cybersecurity for networked devices.

Networked medical devices include systems that archive and communicate patient diagnostic images, monitor patient activity, and communicate with laboratory information systems. They may be connected to the internet, hospital networks, and other medical devices. Without proper cybersecurity, hackers may gain access to a hospital’s entire network through a networked device. The increasing number of cyberattacks, including ransomware attacks, on hospitals and health systems over the past two years has made this a critical issue.