By Jonathan Langer
Security breaches via IoT devices are a very real threat to healthcare delivery organizations (HDOs) today. Particularly at risk are HDOs that haven’t yet determined who within their organization is ultimately responsible (governance) when it comes to securing IoT devices, whether they are mobile devices, printers, thermometers, defibrillators or fetal heart monitors. Having a clear IoT security governance structure is vital for every HDO with any devices connected to their hospital’s network.
HDOs are naturally adopting innovative IoT devices to deliver first-in-class healthcare, but without the security protocols in place to protect their investment they will not be able to achieve this vision. As the attack surface widens with continued adoption, HDOs are running out of time to secure their networks accordingly. In April, a Michigan-based medical practice made headlines as one of the first in the country to close its doors as a direct result of ransomware.
If providers want to take advantage of these innovations for the long term, they need a security program backed by a clear-cut governance structure to protect against malicious hackers. Otherwise, they risk becoming the next HDO to shut their doors because of an attack.
Security begins with governance
Information technology (IT), information security (IS) and biomedical engineers (biomed) are the three major stakeholders. Because they all touch IoT-enabled devices in one way or another, HDOs are finding it difficult to clearly define the roles they should play in IoT security.
Each team has its own priorities for medical device security, which makes collaborating difficult:
• Information Technology (IT)
– IT is in charge of the network itself, and IoT devices are just one of the many assets that connect to the network. They need visibility into the kinds of assets they’re connecting to the network.
• Information Security (IS)
– IS’ responsibilities cover network security, which includes protecting those assets connected to the network. They need to protect all connected IoT devices and usually use existing solutions to do so.
• Biomedical Engineers (Biomed)
– Biomed is responsible for purchasing and maintaining medical devices. They need to ensure IoT-enabled medical devices perform as expected when connected to the network, which requires interfacing with IT, IS and device manufacturers.
Their priorities may look different, but they all map back to the same goal — protecting an HDO and its patients from cyberattacks. Unfortunately, they aren’t communicating enough to leverage their combined knowledge and resources to do so.