Categories: Devicemedical

How to make the case for medical device security

Medical device security is an emerging topic for healthcare IT, with a lot of gray area on who is responsible for shoring up vulnerabilities that come along with the segment.

Among the most common issues are provider organizations with very limited visibility into what medical devices are on the network, what devices they talk to, who has access to those machines and whether protected health information is stored on the device.

That’s the perspective of David Finn, executive vice president of strategic innovation at CynergisTek. Finn is scheduled to speak about the topic next month at HIMSS21.

“Without that information you cannot really assess vulnerabilities and risks,” he explained. “Once an organization has visibility into the medical devices on the network and the network’s topography, they can start to understand the technical risks to the machines and using the network itself to mitigate some of those risks–open ports, communication paths, access to the devices.”

He explained another typical issue he sees is governance: Who owns the devices? Who is responsible for security on medical devices?

“We often see clinical engineering at odds with IT or security over control and management,” he said. “We even see IT and security at odds about which group should do what to which devices and when.

Finn said healthcare organizations tend to want to solve a specific problem when they go looking for security tools.

“Unfortunately, security is a journey, not a destination, and the ‘solution’ to security is almost never a ‘tool’; security has to include not only the tool, but the processes around that tool and the data it collects,” he said. “You have to address the people involved in the use of the tool and more importantly those involved in the processes around medical devices and the tools to monitor and secure them.”

He warned acquiring tools can actually make things worse in terms of security by providing a false sense of security, or they may add complexity that is not well administered or managed.


Read More

News Bot

Published by
News Bot

Recent Posts

Golang Security Checker

Inspects source code for security problems by scanning the Go AST. License Licensed under the…

28 mins ago

Does the Tuskegee Experiment Explain Black Vaccination Rates?

Black vaccination rates lag the rest of the country, according to data from the Census…

28 mins ago

Xsolla fires 150 employees using analysis of chat and email activity

04.08.2021 17:34 Evgeny Obedkov Published by 04.08.2021 17:34 Evgeny Obedkov Tags: layoffs,Russia,Xsolla Russian payment services…

28 mins ago

Apple enabling client-side CSAM scanning on iPhone tomorrow

We’ve detected that JavaScript is disabled in this browser. Please enable JavaScript or switch to…

28 mins ago

Activision Blizzard lawsuit: Latest updates and what you need to know

SOPA Images/Getty It's been a tumultuous two weeks for gaming titan Activision Blizzard. The company…

28 mins ago