Why OIG Did This Review. Without proper cybersecurity controls, hospitals’ networked medical devices (i.e., devices designed to connect to the internet, hospital networks, and other medical devices) can be compromised, which can lead to patient harm. The Centers for Medicare & Medicaid Services’ (CMS’s) survey protocol for overseeing hospitals is silent with respect to the cybersecurity of these devices. This evaluation sheds new light on the extent to which Medicare AOs use their discretion to address cybersecurity of networked devices during hospital surveys. As hospitals continue to face cyberattacks that risk patient harm, it is important to know whether and how AOs hold hospitals accountable for cybersecurity of their devices.

How OIG Did This Review. We conducted structured telephone interviews with leadership at the four AOs and sent written questions to CMS. We asked the AOs about the extent to which their survey standards required hospitals to have a cybersecurity plan for networked devices, as well as other ways in which their surveys might cover cybersecurity for networked devices. We also reviewed AO documentation of relevant survey standards and procedures.
Copyright:
The National Library of Medicine believes this item to be in the public domain.