Medical device security: Three ways you can act to reduce the risk
If 2017 was about ransomware attacks, 2018 will be about cyber attacks on the Internet of Things (aka medical devices). As we begin the year, that’s the message we’re hearing from a number of sources.
So what exactly can be done to secure these important, life-critical devices?
Surprisingly, the answer doesn’t lie exclusively in the IT/security department (although technology plays a large part, to be sure). Forming a holistic, effective device security strategy means addressing three major areas of focus:
Take a look at your structure: Are teams working together effectively with a shared goal in mind? Does Information Security tend to restrict access because they are trying to protect medical records, while Information Technology has a bias toward functionality and uptime? Do biomedical equipment technicians have exposure to security personnel who can help them understand the complexities at play? Small shifts in organizational structure can have a big impact when it comes to security.
You have a plan for natural disasters, mass casualty events, and other emergencies. But have you outlined the process for what to do in the event of a device security breach? How would you know if a breach happened? Other areas to look at might include your culture (Do clinicians engage in risky behavior? Are you making security easy and hassle-free for them?) and/or your process for procuring new devices.
Yes, as mentioned, technology is key—and worthy of investment. From simply keeping up with patches to micro-segmenting your devices to replacing your entire network, there are a number of technology solutions you can employ to ensure your devices stay secure and patients (and their data) are protected.
Want to learn more? These tips are an excerpt from our industry perspective white paper: Cybersecurity in the Age of Medical Devices. Click below to get the full scoop!