Categories: Devicemedical

How to make the case for medical device security

Medical device security is an emerging topic for healthcare IT, with a lot of gray area on who is responsible for shoring up vulnerabilities that come along with the segment.

Among the most common issues are provider organizations with very limited visibility into what medical devices are on the network, what devices they talk to, who has access to those machines and whether protected health information is stored on the device.

That’s the perspective of David Finn, executive vice president of strategic innovation at CynergisTek. Finn is scheduled to speak about the topic next month at HIMSS21.

“Without that information you cannot really assess vulnerabilities and risks,” he explained. “Once an organization has visibility into the medical devices on the network and the network’s topography, they can start to understand the technical risks to the machines and using the network itself to mitigate some of those risks–open ports, communication paths, access to the devices.”

He explained another typical issue he sees is governance: Who owns the devices? Who is responsible for security on medical devices?

“We often see clinical engineering at odds with IT or security over control and management,” he said. “We even see IT and security at odds about which group should do what to which devices and when.

Finn said healthcare organizations tend to want to solve a specific problem when they go looking for security tools.

“Unfortunately, security is a journey, not a destination, and the ‘solution’ to security is almost never a ‘tool’; security has to include not only the tool, but the processes around that tool and the data it collects,” he said. “You have to address the people involved in the use of the tool and more importantly those involved in the processes around medical devices and the tools to monitor and secure them.”

He warned acquiring tools can actually make things worse in terms of security by providing a false sense of security, or they may add complexity that is not well administered or managed.


Read More

News Bot

Published by
News Bot

Recent Posts

Image Synthesis and Editing with Stochastic Differential Equations

[Submitted on 2 Aug 2021] Download PDF Abstract: We introduce a new image editing and…

8 mins ago

We Switched to Mattermost

As a remote-first startup (from day one), we were heavy Slack users.  Considering moving to…

8 mins ago

Amazon should redo union election over improprieties, NLRB officer recommends

We've detected unusual activity from your computer network To continue, please click the

8 mins ago

Yellowcake Shaped the West

In late August 2018, in the heat of one of the warmest and driest years…

8 mins ago

FB users buying Oculus VR headsets to get customer service prioritization

After her Facebook account was hacked, Angela McNamara struggled to get help from the social…

8 mins ago

The future of gaming and streaming: a networking and SEO arsenal

30-second summary: As the world starts to return to normalcy, the gaming and live streaming…

8 mins ago