B.C. health authority’s cybersecurity lacking on medical devices, says audit

VICTORIA – British Columbia’s auditor general says the Provincial Health Services Authority is not effectively managing cybersecurity threats for medical devices and has not evaluated the risk to patients.

Michael Pickup says ineffective cybersecurity management means the authority can’t apply proper security controls to its systems and devices, and may not be able to detect cyberattacks.

The audit covered more 18,000 devices in the Lower Mainland, ranging from infusion pumps to MRI systems, and the systems supporting their operation.

He recommends the authority evaluate cybersecurity threats and the potential harm to patients, and take action to protect systems, devices and patients.

The Provincial Health Services Authority, which works with health authorities to provide care, says it accepts the audit’s recommendations and is implementing cybersecurity improvements.

Pickup’s report, released today, follows another last month that found the B.C. government did not have adequate cybersecurity practices in place to manage its computer systems in a review of five ministries, including Finance and Health.

Feature image by iStock.com/nazdravie