Categories: Devicemedical

How to make the case for medical device security

Medical device security is an emerging topic for healthcare IT, with a lot of gray area on who is responsible for shoring up vulnerabilities that come along with the segment.

Among the most common issues are provider organizations with very limited visibility into what medical devices are on the network, what devices they talk to, who has access to those machines and whether protected health information is stored on the device.

That’s the perspective of David Finn, executive vice president of strategic innovation at CynergisTek. Finn is scheduled to speak about the topic next month at HIMSS21.

“Without that information you cannot really assess vulnerabilities and risks,” he explained. “Once an organization has visibility into the medical devices on the network and the network’s topography, they can start to understand the technical risks to the machines and using the network itself to mitigate some of those risks–open ports, communication paths, access to the devices.”

He explained another typical issue he sees is governance: Who owns the devices? Who is responsible for security on medical devices?

“We often see clinical engineering at odds with IT or security over control and management,” he said. “We even see IT and security at odds about which group should do what to which devices and when.

Finn said healthcare organizations tend to want to solve a specific problem when they go looking for security tools.

“Unfortunately, security is a journey, not a destination, and the ‘solution’ to security is almost never a ‘tool’; security has to include not only the tool, but the processes around that tool and the data it collects,” he said. “You have to address the people involved in the use of the tool and more importantly those involved in the processes around medical devices and the tools to monitor and secure them.”

He warned acquiring tools can actually make things worse in terms of security by providing a false sense of security, or they may add complexity that is not well administered or managed.


Read More

News Bot

Published by
News Bot

Recent Posts

Bezos offers NASA a $2 billion discount for Blue Origin Moon lander

Credit: CC0 Public Domain Blue Origin owner Jeff Bezos wrote an open letter to NASA…

22 mins ago

Sandstorm engulfs desert city in China

Dunhuang, a tourist draw with a colourful history as a Silk Road outpost, momentarily disappeared…

22 mins ago

Fermi spots a supernova’s ‘fizzled’ gamma-ray burst

When the core of massive star collapses, it can form a black hole. Some of…

22 mins ago

Director retention does not necessarily facilitate post-acquisition firm performance: study

Credit: Pixabay/CC0 Public Domain Firm acquisition is a complicated process in which acquiring companies often…

22 mins ago

Astronomers seek evidence of tech built by aliens

The Galileo Project was announced a month after the Pentagon released a report about unidentified…

22 mins ago

Canon Might Make an Ultra-Expensive Camera More Affordable

News @andrew_andrew__ Jul 26, 2021, 5:11 pm EDT | 1 min read A photo of…

22 mins ago