Skip to content

B.C. health authority isn’t effectively managing cybersecurity threat on medical devices: audit

Audit covered more 18,000 devices in the Lower Mainland, ranging from infusion pumps to MRI systems
24178669_web1_210209-CPW-Cyberthreats-Report-WEB_1
An MRI machine at Toronto’s Sunnybrook Hospital. Pictured on Tuesday, May 1, 2018. THE CANADIAN PRESS/Chris Young

British Columbia’s auditor general says the Provincial Health Services Authority is not effectively managing cybersecurity threats for medical devices and has not evaluated the risk to patients.

Michael Pickup says ineffective cybersecurity management means the authority can’t apply proper security controls to its systems and devices, and may not be able to detect cyberattacks.

The audit covered more 18,000 devices in the Lower Mainland, ranging from infusion pumps to MRI systems, and the systems supporting their operation.

He recommends the authority evaluate cybersecurity threats and the potential harm to patients, and take action to protect systems, devices and patients.

The Provincial Health Services Authority, which works with health authorities to provide care, says it accepts the audit’s recommendations and is implementing cybersecurity improvements.

Pickup’s report, released today, follows another last month that found the B.C. government did not have adequate cybersecurity practices in place to manage its computer systems in a review of five ministries, including Finance and Health.

READ MORE: Dr. Henry says COVID vaccine supply to increase in February; total cases top 70,000