B.C. health authority’s cybersecurity lacking on medical devices, says audit
VICTORIA — British Columbia’s auditor general says the Provincial Health Services Authority is not effectively managing cybersecurity threats for medical devices and has not evaluated the risk to patients.
Michael Pickup says ineffective cybersecurity management means the authority can’t apply proper security controls to its systems and devices, and may not be able to detect cyberattacks.
The audit covered more 18,000 devices in the Lower Mainland, ranging from infusion pumps to MRI systems, and the systems supporting their operation.
He recommends the authority evaluate cybersecurity threats and the potential harm to patients, and take action to protect systems, devices and patients.