Managing Security Vulnerabilities in Connected Medical Devices
Connected medical devices are evolving as the lifeblood of healthcare infrastructure. Some of these systems are running with significant security vulnerabilities that can greatly impact the functioning of the healthcare system. So the challenge of securing these devices is becoming increasingly important to health systems around the world. Below are certain recommended best practices for safeguarding those sensitive devices.
1. Establishing and maintaining communication with medical device manufacturer's security professionals to ensure that the devices have the latest measures in form of patches and ensured communication about threats.
2. Installing security and updated system patches on devices can also help. The coded patches should be validated, distributed by medical device manufacturers and properly tested before implementation.
3. Assessing current security controls on networked medical devices can ensure efficient working and will not be easily hacked.
4. Assessing inventory traits should include a Media Access Control address, Internet Protocol address, network segments, operating systems, applications and other elements relevant to managing information security risks.
5. Implementing pre-procurement security requirements can help ensure the organization's minimum requirement for the device and network security is achieved.
6. Implementing information security assuring practices, such as security risk assessment of new devices, validation of vendor practices on both networks and facilities.
7. Implementing access control for clinical and vendor support staff. The process can include remote access, monitoring of vendor access and so on.
8. Developing and implementing network security applications and practices for device networks.
9. Allocating the right resources to support the operating costs to keep the connected medical devices safeguarded. It is important to do this cost analysis upfront to determine the cost-effectiveness of the security program, to identify a trusted partner and exploring advanced solutions.
As more network-connected medical devices continue to enter the healthcare IT infrastructure, security practices need to be in place. A strong urge for enforcing these practices can help fix the fast-growing issue to contribute in the long run of the organization.