VA to secure 50,000 networked medical devices

The Veterans Affairs Department has launched an initiative to isolate all 50,000 networked medical devices by December, after experiencing computer virus and malware infections of 122 networked medical devices in the last 14 months that had the potential to harm patients, according to VA Chief Information Officer Roger Baker.

“VA faces a critical challenge in securing our medical devices from cyber threats — and securing them is among the highest priorities for VA,” Baker told the House Veterans Affairs Subcommittee on Oversight and Investigations.

The VA currently operates about 50,000 networked devices to assist in patient diagnosis, treatment and monitoring. The devices are especially challenging to secure because their operation must be certified, and application of virus protection updates and patches is restricted.

Starting in 2009, VA officials mandated that all medical devices at Veterans Health Administration facilities connected to the VA network implement a device isolation architecture, which uses a local area network. The VA also set up a comprehensive device protection program that includes assessment, communication, training, validation, scanning, remediation and patching, Baker said.

The VA expects to secure all medical devices through the isolation architecture by year’s end, Baker said.