Optum, devicemakers partner on cybersecurity center with University of Minnesota

Modern Healthcare Illustration / Getty Images

The University of Minnesota is forming a center focused on medical device cybersecurity with funding from UnitedHealth Group’s Optum and four medical device companies, the university announced Wednesday.

Medical device cybersecurity has been a growing area of focus for healthcare organizations and the federal government because medical devices are increasingly connected to the internet or to internal hospital networks. Devices can be disrupted and become unavailable during cyberattacks or even provide another way in for hackers targeting healthcare organizations.

The new center, which aims to bring together university, industry and government collaborators, grew out of medical devicemakers’ interest in forming a hub for device security research, education and workforce training, according to a news release from the University of Minnesota, which is based in Minneapolis and St. Paul.

Optum, Abbott, Boston Scientific, Medtronic and Smiths Medical collectively are providing most of the funding. The companies plan to recruit other devicemakers over the next two years.

“Cybersecurity for medical devices is critical in retaining the trust consumers place in healthcare companies for how the technology is used, and how health information is protected,” Allison Miller, Optum’s chief information security officer, said in a news release.

In its first year, the center plans to host a hackathon, roundtables with various stakeholders and to establish a medical device cybersecurity course and summer internship program for students.

The center is housed within the University of Minnesota’s Technological Leadership Institute, an interdisciplinary center that’s part of the College of Science and Engineering. Katey Pelican, co-director of the university’s Strategic Partnerships and Research Collaborative, will act as the center’s interim director.

Hospitals can have upwards of 100,000 medical devices connected to their networks at any given time, which poses risks if they’re deployed with cybersecurity vulnerabilities.

Between January 2017 and December 2020, the Homeland Security Department’s Industrial Control Systems-Cyber Emergency Response Team issued 92 advisories on cybersecurity vulnerabilities disclosed by medical device manufacturers, according to data compiled this year by MedCrypt, a cybersecurity company.