From the January/February issue of HealthCare Business News magazine
The MDS solutions accept inbound vulnerability disclosures, evaluate the HDO’s exposure to these vulnerabilities, and identify response action options to remediate or mitigate each vulnerability according to its level of risk. Below are a few IoMT factors that complicate the analysis of vulnerabilities:
• Unique Protocols
• Dynamic Network Environment
• Risk Assessments
• Risk Scoring
• Traditional Vulnerability Scanning
• Procurement & Supply Chain
• Security Evaluation
• Contract Negotiation
• Software Bill of Materials
Midwest Hand Surgery Auction Closing 5/26 at 8PM. Hologic Fluoroscan Insight-FD Mini C-Arm, Nuvo Dual-Lamp Surgical Lighting System W/Control Panel, Ritter M11 Ultraclave Automatic Sterilizer & More! 2 Day Women's Treatment Center Auction Coming Soon!
Historically, HDO’s have attempted to partition these devices into large network segments that are isolated from general access and/or data center networks. However, simply partitioning all IoMT devices into one network segment fails to achieve the stated goals. Given the required latitude of device requirements and criticality to patient outcomes, these medical device segments often have few network restrictions. Similarly, a walled zoo, without independent cages, lacks control and permits undesirable interaction. It’s important to protect the vulnerable, control the aggressive and contain the infected animals.
MDS allows organizations to leverage their existing security tools to intelligently segment networks. MDS solutions can dynamically generate policies for existing infrastructure such as switches, wireless controllers, firewalls or NAC policy servers to ensure that devices can only interact with other necessary devices enforcing minimum required access.
Computerized Material Management System (CMMS):
CMMS solutions are taking the vast amounts of new device data detail generated by the MDS and making it actionable within new interdepartmental workflows. Leveraging the data from the MDS and CMMS systems can improve asset management, FDA recall response, vulnerability management, utilization management, work orders and contracts.
HTM/Clinical Engineering departments have historically used CMMS to manage their assets (to include IoMT devices) and daily operations. But determining which devices needed software updates or cybersecurity maintenance was nearly impossible. The current operating system version, make, model and known vulnerabilities of the device were not loaded into the CMMS.
HDOs that have discovered how to combine device-level IT Networking data and Information Security data from MDS solutions into the CMMS are experiencing unprecedented return on investments (ROI). Increasing efficiencies in asset management coupled with reductions in risk to patients and data are bringing departments together and revealing that everyone might benefit from these new technologies.
About the author: Ty Greenhalgh has been dedicated to the healthcare information technology and information management industry for over 30 years, He is an ISC2 certified Healthcare Information Security and Privacy Practitioner (HCISPP) and Cybersecurity Officer. Back to HCB News