Expert: as mobile devices spread, so do cyber security risks
As medical devices have proliferated across the healthcare landscape, they’ve also emerged as a serious cybersecurity risk. Why? Because the professionals tasked with monitoring cybersecurity procedures haven’t been involved in the purchasing decisions.
That’s according to Karl West, CISO at Intermountain Healthcare in Salt Lake City, who recently discussed the common mistakes healthcare organizations make that contribute to the security challenges for medical devices in an interview with Tech Target.
As he sees the situation, medical devices fall outside the traditional IS (information systems) controls because “the common processes that we have in place for our servers, for our routers, for our end-points, don't include these medical devices. Those critical cyber processes that need to be comprehended are procurement, asset management, asset inventory, lifecycle maintenance, patching, asset disposition and common security controls. Those are things that happen in all of the other cyber programs and on traditional end-points and servers, but these medical devices generally come in through very different procurement channels.”
West notes devices can come into a network “ through homecare, or a caregiver, sometimes an anesthesiologist, or an ophthalmologist, perhaps into an audiology department. They come in as a result of the need for a device to monitor and manage the specific needs of a patient at the home, or at the hospital or in a clinic. The transformation of care and evolution of digital technology does create a large opportunity and a problem. The device manufacturers and providers must work together to understand risk and protect our patients and their data. That is the only way we're going to understand and solve all these medical device issues.”
West also expressed concern about the onslaught of internet-connected devices that could provide clinicians with critical information but come with a broad range of cybersecurity concerns.