From imaging machines to blood pressure monitors, to ventilators and surgical equipment, each medical device either provides hackers a way into a hospital’s network or, worst case scenario, enables manipulation at the patient level unless properly secured. Without a solution that can fingerprint every medical device, detect anomalies at a device level based on manufacturer protocols and prioritize threats based on clinical workflows, adequate device security would require staffing that most hospital and health systems do not have. Each of these medical devices requires their own maintenance and remediation schedule, patches and operating systems need to be updated continually and obsolete devices need to be identified and removed from the network.
Medical devices may live on the network but they’re part of the biomed ecosystem
Not only are providers dealing with thousands of devices, but most medical devices are purchased and maintained by biomedical engineers, not IS or IT. The hospital or health system is in control of when and how often these two departments actually meet to connect on device purchasing and ongoing management. Regardless, each device is purchased in the interest of patient health, with the ultimate purpose of driving better overall care, which necessitates an understanding of its level of security when making a final purchasing decision. The underlying assumption is that the device and its network connection will be secure, and the network manager will oversee the actual device’s status for ongoing maintenance and monitoring.
Midmark Workstations are made to order with customization that can assist with the integration of telehealth and other technology at the point of care, wherever that may be. See more>>>
Once purchased, the network manager is tasked with configuring and managing the device to ensure it works properly and is not an entry point for hackers looking to breach the network. The end goal is to ensure the device causes no harm to patient(s) or the hospital’s network. This is not an easy task for those dependent upon an IoT security solution that cannot properly identify and comprehend device-specific protocols, communications and behaviors required to both run efficiently and detect anomalies or suspicious activity.
A security solution solely focused on medical devices will provide peace of mind for the biomed engineers, while also ensuring ease of use for those in the IS and IT departments.
A bonus beyond security — real asset tracking and utilization
Proper medical device security requires knowing each connected device inside and out at any given time. This includes maintenance schedules, software upgrades, patches and location, as well as whether a new model has been released to ensure physical hardware is appropriately current. Every year, millions of dollars in hospital equipment is underutilized or goes missing – from MR machines to defibrillators – and they’re not always stolen. IS and IT need a security solution that is in constant contact with medical devices to ensure total visibility. In addition to finding missing equipment, they will be able to guard against potential breaches, with the ability to disconnect obsolete devices from the network.