How hospitals can manage and protect their complex medical device landscape from attacks
According to a Deloitte study, approximately 68% of medical devices will be either connected or connectable to a health system network by 2025. Each of those devices simultaneously represents an opportunity for healthcare providers to transform the delivery of patient care as well as for attackers to infiltrate a health system’s network, as any device is a potential entry point for hackers. To strike a balance between improving patient care and mitigating cyber risks, hospitals need solutions to help manage and protect their medical devices and refine their security position.
Effective cybersecurity mitigation strategies require transparency
Today’s healthcare networks are increasingly complex. The information that security, biomed and clinical engineers need to make good device management and security decisions to optimise the environment is often time-consuming and elusive to get. General-purpose discovery solutions do not possess the medical expertise to accurately identify the granular device details hospitals need to make informed decisions around procurement, deployment, maintenance, security, and management. As a result, most health systems must rely on manual inventories, which are error-prone and typically incomplete, making it extremely difficult for a hospital to deliver on all safety, efficiency, and availability requirements.
As most medical and IoMT devices are closed systems requiring extensive knowledge of proprietary software, clinical workflows, and protocols to accurately identify and understand them, they remain a blackhole for most solutions. Very few vendors want to invest the time and resources it takes to understand the thousands of different device types, manufacturers, protocols, and operational parameters found in a clinical network. As a result, health systems rely on the most basic of information, like device type, IP addresses, and ports when making sophisticated asset management and security decisions.
Without the right clinical context, however, it is hard for health systems to confidently take action to improve the efficiency and security of their environment. It is difficult to understand if activity is abnormal and dangerous or critical to the ongoing operation of the device. For example, it is not uncommon for medical devices to receive communications from the device manufacturer, yet security best practices would dictate that downloading anything from an external IP address should be blocked. Without clinical context and awareness, any action taken to disrupt the external connection could end up doing more harm than good.
Medigate helps to simplify medical and IoT device management and protection
Medigate’s dedicated medical device security and asset management platform addresses the aforementioned challenges. It enables providers to deliver secure, connected care by fusing the knowledge and understanding of medical workflows, device identities and protocols with the reality of today's cybersecurity threats. The company’s expertise allows hospitals to safely operate all medical devices on their network. This enables the deployment of existing and new devices to patients, while ensuring privacy and safety. For its efforts around cybersecurity, Medigate won the 2020 Frost & Sullivan ‘Enabling Technology Leadership Award for Medical Device Security’.
"We were able to target our resources and remediation programming knowing exactly what to look for. In fact, we've since found that Medigate's ability to provide device location and maintenance state is saving us about 40-man hours per week," reveals Federico Nuno, a biomed executive at California-based Torrance Memorial Medical Center.
For more information, please visit medigate.io.