MedTech Dive June 24, 2021
The Office of Inspector General has found Medicare lacks consistent cybersecurity oversight of networked medical devices in hospitals. Without proper cybersecurity controls, these devices can be compromised with the potential for patient harm, according to OIG.
CMS’ survey protocol is devoid of requirements for networked device cybersecurity. OIG’s review revealed Medicare accreditation organizations (AOs) that could use their discretion to assess cybersecurity during hospital surveys rarely use that power.
The shortcomings in oversight led OIG to recommend that CMS works with HHS and others to address cybersecurity as part of its quality oversight of hospitals. CMS concurred with the need to consider ways to highlight cybersecurity but OIG wants the agency to go further....