16 K. Lung: J Extra Corpor Technol 2026, 58, 3 – 18 should be run at regular intervals to ensure that all team members are familiar with this backup option. This practice helps provide a smoother and more complete transition to backup measures during an incident, minimizing the impact it has on essential services [ 4 ].
Backups of data and software should be made at regular intervals and stored offline [ 2 ]. Perfusion-specific policies or an individual’ s work-based projects can be reasonably stored long-term by the department, whereas patient data should be backed up by the hospital or EMR service. This practice is helpful not only in the event of a cybersecurity incident, but also in case of unintentional loss of data from events like corrupted drives.
Additional considerations
A special consideration that may not apply to all perfusionists, but warrants discussion, is the vulnerability that carries over to international communities who rely on outsourced technologies or services. Cybersecurity is not simply a need of developed countries or world powers. Cybercrime can occur anywhere with technology or data, and all of the same sources of vulnerability may apply in places that perfusionists may travel for mission trips, international outreach programs, or disaster relief efforts. Equipment concerns, particularly for older equipment donated for overseas use, arise because these items are often well past their warranty, and beyond service updates, not only for the physical components but also those of the onboard software. Networking these devices may not be as common in some areas of the world, thus limiting the breadth of the local IoMT, but that does not mean that databases are safe, nor does it indicate that those devices will never be added to a centralized system later.
Outreach groups are also similar to other third-party hospital connections. They can be a source through which vulnerabilities may be brought into a hospital if cybersecurity is compromised on the side of the partner. This could work similarly to other hub-and-spoke attack strategies, simply with fewer targets. This should not be considered a deterrent for assisting other centers, but a reminder regarding vigilance and the importance of sharing cybersecurity concerns and best practices.
Finally, all of the policies reviewed here are from the perspective of the United States, though many of the cybersecurity concerns and preventive measures discussed are applicable on a more global level. For additional information from other governments, this author suggests reference [ 60 ] as a potential starting point.
Conclusion
Cybersecurity is a difficult field to explain and educate in fields outside of IT, despite how crucial it has become in the modern era. Perfusionists should also know what kind of impact a cyberattack could have on them, their workflow, and their patients, so that they may best mitigate the impact or isolate the vulnerability. Planning for worst-case scenarios is a part of a perfusionist’ s job, and that should include preparation for a lack of technology. Each perfusion department should have a plan for operating with limited or no device connectivity in case of a system outage, a cyberattack, or otherwise. The increasing interest in cybersecurity across all industry sectors indicates that it may be prudent to work towards an AmSECT standard or guideline, thereby encouraging discussion of digital safety and keeping the profession in line with other medical societies.
Forming a digitally secure and cyber-resilient perfusion department is not a simple objective. Technology will only become increasingly integrated into the personal and professional lives of perfusionists and patients. Healthcare as a whole has already seen the consequences of not keeping ahead of digital security, with cyberattacks now costing billions each year. The perfusion profession should strive to learn from healthcare system attacks of the past and be a part of the solution. Much like the cultures of safety, diversity, and inclusion that have been cultivated over years of active policy shifts within healthcare institutions until they become commonplace, so too must we promote a culture of digital security, enacted and encouraged by each and every employee, for the betterment of our workplace and our patients’ safety.
Acknowledgments
The author would like to thank Gregory Matte, CCP, LP, FPP, and William Regan, CCP, LP, FPP, for their input and guidance throughout the creation of this manuscript.
Funding The author received no funding to complete this research.
Conflicts of interest The author declares no conflict of interest.
Data availability statement
No data was created or analyzed in this study. Data sharing is not applicable to this article.
Ethics approval
Ethical approval was not required for this article as it did not involve human subjects, animal subjects or patient data.
References
1. Alanazi AT. Clinicians’ perspectives on healthcare cybersecurity and cyber threats. Cureus. 2023; 15( 10): e47026.
2. Javaid M, Haleem A, Singh RP, Suman R. Towards insighting cybersecurity for healthcare domains: A comprehensive review of recent practices and trends. Cyber Secur Appl. 2023; 1:100016.
3. Argaw ST, Troncoso-Pastoriza JR, Lacey D, et al. Cybersecurity of hospitals: Discussing the challenges and working towards mitigating the risks. BMC Med Inform Decis Mak. 2020; 20:1 – 10.
4. Burke W, Stranieri A, Oseni T, Gondal I. The need for cybersecurity self-evaluation in healthcare. BMC Med Inform Decis Mak. 2024; 24( 1): 133.
5. Clarke M, Martin K. Managing cybersecurity risk in healthcare settings. Healthc Manage Forum. 2024; 37( 1): 17 – 20.