J Extra Corpor Technol 2026, 58, 3 – 18 Ó The Author( s), published by EDP Sciences, 2026 https:// doi. org / 10.1051 / ject / 2025064
Available online at: ject. edpsciences. org
ORIGINAL ARTICLE
Cybersecurity as it relates to perfusion
Kara Lung( CCP, LP) *
Boston Children’ s Hospital, Boston, MA, USA Received 14 March 2025, Accepted 11 October 2025
Abstract – Perfusionists must maintain strong digital security habits, know the inherent risks of devices in use, and have a healthy respect for the consequences of a security breach at a hospital. While perfusion has largely been able to operate without much interaction with cybersecurity experts, the relentless advancement of the digital age means that perfusionists cannot remain oblivious to the intersection of their devices and hospital digital security. This article provides a historical overview of healthcare cybersecurity with specific recommendations for perfusion teams looking to ensure best practices for protected health information( PHI). Critical recommendations include keeping physical copies of downtime procedures, routine practice of downtime procedures, discussion with the hospital information technology( IT) team to confirm perfusion-based asset lists, and the creation of an American Society of Extracorporeal Technology( AmSECT) standard or guideline regarding attention to cybersecurity.
Key words: Perfusion, Cybersecurity, Health Policy, Data Security, Education, Healthcare Infrastructure.
Abbreviation
AHA CISA DDoS DHHS ECMO EMR FDA FDORA HIPAA HITECH
HLM IoMT IoT IT KEV MDM NIST SBoM
Introduction
American Hospital Association Cybersecurity & Infrastructure Security Agency Distributed Denial of Service Department of Health and Human Services Extracorporeal Membrane Oxygenation Electronic Medical Record Food and Drug Administration Food and Drug Omnibus Reform Act Health Insurance Portability and Accountability Act Health Information Technology for Economic and Clinical Health Heart-Lung Machine Internet of Medical Things Internet of Things Information Technology Known Exploitable Vulnerability Medical Device Manufacturer National Institute of Standards and Technology Software Bill of Materials
Cybersecurity is the safeguarding of computer systems, networks, and electronically stored data from both disruption and unauthorized access, use, or disclosure [ 1, 2 ]. Cybersecurity for healthcare systems has long been a complex challenge for a
* Corresponding author: klung921 @ gmail. com variety of reasons, including unsecured medical devices, patchwork networks, complex governmental oversight, limited institutional funding, and breadth of hospital networks. Electronic medical records( EMRs) sit at the heart of modern healthcare systems, consolidating data from a myriad of human and electronic sources. EMRs support the decision-making efforts of clinicians, smooth workflows, and increase communication between individuals, departments, and hospitals [ 3 ]. The tradeoff with increased interconnectivity of devices is a larger risk of data breach, which in turn jeopardizes patient privacy, patient financial stability, patient quality of care, and hospital operations [ 4 ].
Fundamental to the understanding of the recent technological advancement of healthcare is the understanding of the Internet of Things( IoT). The IoT is a collection of physical devices that all have the ability to collect and process data, and exchange this data when connected to a network [ 5 ]. Together, they form a web-like structure of information transfer. Through this structure, one vulnerability in any single device’ s security can affect many other devices and services [ 6 ]. When the IoT is composed of medical devices, it is referred to as the Internet of Medical Things( IoMT), and it is responsible for a lot of improved monitoring, care, and communication, particularly in data-rich environments such as the intensive care unit [ 7 ]. Infusion pumps, pacemakers, ventilators, electrocardiography machines, pulse oxygen monitors, and hemodynamic monitors are all examples of devices connected to the IoMT. For perfusion, this list can include heart-lung machines( HLMs), in-line blood gas monitors, cell salvage systems, point-of-care analyzers, near-infrared spectroscopy, bispectral index monitors,
This is an Open Access article distributed under the terms of the Creative Commons Attribution License( https:// creativecommons. org / licenses / by / 4.0), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.