VICTORIA -- A report looking into the handling of 18,000 medical devices in B.C.'s Lower Mainland found controls lacking, putting patient safety at risk.
An MRI machine may not be what you picture when you think of cyberhack, but B.C.’s auditor general worries that’s exactly the type of device that could be easy bait.
“What could potentially happen if there's a cybersecurity attack is you could lose the integrity and availability of that information so perhaps a treatment would not happen or the wrong treatment would happen,” said Michael Pickup in an interview with CTV News.
The Office of the Auditor General looked at devices within the control of the Provincial Health Services Authority and found the agency didn’t have an adequate inventory, had not appropriately evaluated the risks and wasn’t effectively monitoring them.
The conclusion: the health authority may not even know that a breach was happening.
“Unfortunately there are too many reasons for so many people to do these kinds of things, which is why it’s important to have strong controls in place.”
The report makes four recommendations all aimed at strengthening controls.
PHSA didn’t make anyone available for an interview. It provided a statement which reads in part, "Work is already underway on a number of planned improvements scheduled for 2021, including an expansion of cybersecurity for medical devices. The Auditor General's findings are timely and will help inform these efforts.”
The statement went on to say the PHSA is accepting all the report's recommendations.
The auditor general added there are 36,000 such devices in the province as he urged all health authorities to take notice of the audit.