Due to widespread adoption and a demand to improve patient outcomes, network-connected medical devices are playing a vital role in every health organization. These devices can decrease costs while increasing the quality of care patients receive. Despite the many advantages these devices offer, improper management can introduce significant risk to an organization’s overall security posture. While managing connected medical devices, pause to consider:
Do you know which medical devices are connected to your network and where they are located?
A key step in securing connected medical devices is having a good understanding of what devices exist on your network, where they are located, and what resources connected medical devices communicate with regularly. Maintaining an updated inventory of these devices allows an organization to manage them more effectively and respond to security or operational issues quickly.
Have you documented business ownership and security roles for the devices you don’t own or manage?
Many connected medical devices are not owned or managed by the organizations that use them. This becomes a challenge when the business depends on these devices for service delivery, but security teams cannot deploy security controls like patching and anti-virus to devices they do not own. In these situations, it’s important to document the business owner and ensure they understand their role in protecting those devices. With this documentation, security teams can work with business owners and vendors to implement controls to reduce risk to those devices.
Are you using your tools to capture operational metrics of IoMT devices?
Documenting device utilization and maintenance information allows executive teams to make informed decisions on budgeting and recognize increased revenue from process efficiencies. Let’s consider an organization that has two MRI machines. The medical staff responsible for machine MRI-A is communicating to the leadership team that an additional MRI machine is necessary to meet the current workload. After additional analysis, it is determined that offloading a portion of the patient scans to MRI-B will reduce the workload and allow the facility to reduce patient wait times. Deploying the proper technologies assist organizations by decreasing costs while increasing overall patient satisfaction.
Fortified Health Security is committed to strengthening the security posture of healthcare organizations. In the spirit of Cybersecurity Awareness month, we will be posting daily information for you to consider when maintaining your organization’s cybersecurity program.