Over 150 Total Lots Up For Auction at One Location - CA 05/31

Tips for selecting an effective HTM risk management solution

by Lauren Dubinsky, Senior Reporter | November 17, 2020
From the November 2020 issue of HealthCare Business News magazine

That plan should include where you want to install the solution, the deployment model and the cost. When it’s time for implementation, Upendra recommends a multi-phase approach because it allows for the continuous evaluation of important success factors.

She stated that an effective solution identifies the different medical devices, builds a risk profile around them, consolidates all that data to provide meaningful information, detects anomalies and unauthorized behavior happening on your network, communicates risk recommendations to the stakeholders and enforces policies in your risk mitigation plan.

“From a health system side, one of the suggestions I provide is that you want to plan your processes before you implement a solution otherwise you’re going to end up with a multimillion-dollar, fancy solution that’s giving you huge amounts of data sets, but you don’t know how to use it,” said Upendra.

She also recommends implementing different solutions at pilot sites and assessing the data to determine which solution meets your program and organization’s long-term goals. That will help you determine whether what the vendor is showing in the scripted demonstration is what is truly going to happen.

Shankar Somasundaram, CEO and founder of Asimily, concluded the session by outlining how data from the risk management solution can be used to improve the security posture of the health system.

“What people forget is that medical devices risk management is really about vulnerability management,” he explained. “The challenge with medical devices is that not all devices have the same risk.”

Even across devices with the same legacy operating system, the risks may be different. Whether an unpatched vulnerability affects a device depends on the exploitability of the vulnerability for the device in that environment, the impact of the vulnerability, how the device is connected, the device’s security capabilities and any other mitigating security controls.

Health systems can use the risk management solution to dig deep into the root cause on an anomaly. Once an anomaly is detected, they can set rules to take corrective action as well as preset certain rules to determine the root cause and take preventative action.

These solutions can also be used to understand the priority for different vulnerabilities, patch the device to ensure it has the latest solution version and/or operating system, and implement workarounds such as Network Level Authentication.

Back to HCB News

Sofiia Sovchenko

re: Tips for selecting an effective HTM risk management solution

January 02, 2024 02:42

Thank you, DOTmed News, for addressing the crucial topic of selecting an effective Healthcare Technology Management (HTM) risk management solution. The insights provided by Cory Brennan on an ideal risk management program for connected medical devices are invaluable for clinical engineers and biomedical teams.

In alignment with this discussion, I'd like to recommend an article that delves into the intricacies of medical device integration with Electronic Health Records (EHR): https://www.cleveroad.com/blog/medical-device-integration-with-ehr/. This piece offers additional perspectives on how seamless integration contributes to effective healthcare technology management.

Your focus on guiding professionals in the assessment of medical device security programs is commendable, and I appreciate the depth of information provided in your article.

Log inor Register

to rate and post a comment



Torrey Hughes

ICU Medical EHR Integration

November 17, 2020 11:59

We have a set of three brand new Hospira/ICUmedical Lifecare PC 7.0 IV Infusion Pump Controllers available. These were the first units produced in 2017 with EHR (Electronic Health Record) integration. Are there many healthcare systems using this platform and protocol?

Log inor Register

to rate and post a comment

You Must Be Logged In To Post A Comment