From the June 2014 issue of HealthCare Business News magazine
It is important for BioMed, clinical engineering, and other teams managing medical devices either to leverage the expertise of IT to ensure that medical devices meet the same stringent standards that have been defined for other computer systems in the environment (where possible), or to define and apply their own security standards. How exactly should these standards be defined? The first step is to conduct a formal risk analysis of individual devices to identify the risks, so that they can either be addressed or mitigated, or the associated compensating controls can be identified. In fact, the FDA released new guidance around the security of medical devices in June 2013, and it identified the importance of manufacturers providing “a specific list of all cybersecurity risks” as well as “a specific list and justification for all cybersecurity controls.” Once the risks have been formally identified, it’s just a matter of identifying needed remediation activities or the details around risk acceptance.
Ultimately, addressing security for medical devices at most organizations likely does not involve developing new processes; rather, it requires changing the scope to include those devices. Once an organization has identified that these devices can and do present a risk to the organization, the appropriate steps can be taken to either secure those devices or implement compensating controls that will help ensure the confidentiality, integrity, and availability of the organization’s health data.

About the author: Jeremy Molnar is vice president of technical compliance services for CynergisTek, Inc. Molnar has over 14 years of experience dedicated to information security, with nine years focused on health care IT. He has participated in hundreds of assessments and remediation plans with clients to help them build comprehensive information security programs. Molnar graduated cum laude from Excelsior College with a Bachelor of Science in Management Information Systems, and his certifications include CISSP, MCSE, CCNA Security and CIPSS.