Categories: Devicemedical

How to make the case for medical device security

Medical device security is an emerging topic for healthcare IT, with a lot of gray area on who is responsible for shoring up vulnerabilities that come along with the segment.

Among the most common issues are provider organizations with very limited visibility into what medical devices are on the network, what devices they talk to, who has access to those machines and whether protected health information is stored on the device.

That’s the perspective of David Finn, executive vice president of strategic innovation at CynergisTek. Finn is scheduled to speak about the topic next month at HIMSS21.

“Without that information you cannot really assess vulnerabilities and risks,” he explained. “Once an organization has visibility into the medical devices on the network and the network’s topography, they can start to understand the technical risks to the machines and using the network itself to mitigate some of those risks–open ports, communication paths, access to the devices.”

He explained another typical issue he sees is governance: Who owns the devices? Who is responsible for security on medical devices?

“We often see clinical engineering at odds with IT or security over control and management,” he said. “We even see IT and security at odds about which group should do what to which devices and when.

Finn said healthcare organizations tend to want to solve a specific problem when they go looking for security tools.

“Unfortunately, security is a journey, not a destination, and the ‘solution’ to security is almost never a ‘tool’; security has to include not only the tool, but the processes around that tool and the data it collects,” he said. “You have to address the people involved in the use of the tool and more importantly those involved in the processes around medical devices and the tools to monitor and secure them.”

He warned acquiring tools can actually make things worse in terms of security by providing a false sense of security, or they may add complexity that is not well administered or managed.


Read More

News Bot

Published by
News Bot

Recent Posts

Yarn 3.0.0

Sponsorship Yarn now accepts sponsorships! Please give a look at our OpenCollective and GitHub Sponsors…

56 mins ago

CareRev (YC S16) Is Hiring Staff Back End Engineers (Ruby/Rails and Remote USA)

U.S. Equal Opportunity Employment Information (Completion is voluntary) Individuals seeking employment at CareRev are considered…

56 mins ago

Launch HN: Matrubials (YC S21) Milk-derived therapeutics for infectious diesases

Hi, I'm Ishita, cofounder of Matrubials. We are developing milk-derived therapeutics to address infectious diseases.I…

56 mins ago

1 out of every 153 American workers is an Amazon employee

Amazon employs 950,000 workers in the US, the company said in its latest earnings report.…

56 mins ago

Investors overseeing $14T call for vote on company climate plans

Smoke billows from the chimneys of Belchatow Power Station, Europe's biggest coal-fired power plant, in…

56 mins ago

Huawei P50 series unveiled: Not one, but two camera bumps on these superphones

Huawei/Screenshot by Sareena Dayaram/CNET Huawei has taken the wraps off its latest superphone series. It…

56 mins ago