Over 90 Total Lots Up For Auction at One Location - WA 04/08

Secure medical device deployment best practices

February 16, 2021
Cyber Security Health IT
From the January/February 2021 issue of HealthCare Business News magazine

End user training
In spite of all the warnings and continuous training, end users still represent a popular point of entry for bad actors. By falling victim to phishing campaigns or by unwittingly providing sensitive information, like network credentials, end users are effectively turning off the alarm system and leaving the front door unlocked. In other words, none of the technological best practices implemented will have much impact if end users do not have the proper cybersecurity training.

To illustrate the importance of end user training, here’s a brief summary of an actual incident that took place a few years ago. A large organization hired a cybersecurity consultant to conduct a thorough review of their systems and provide a detailed report of technological weaknesses that could be vulnerable to attack. Before examining a single system, the consultant simply walked into an executive’s office, made up a story about being from the IT support team, and within 5 minutes had a network username and password. No need to look any further. Until this organization trained its end users properly, no technological solution could keep them safe. And this is true for most organizations.
stats
DOTmed text ad

Reveal Mobi Pro now available for sale in the US

Reveal Mobi Pro integrates the Reveal 35C detector with SpectralDR technology into a modern mobile X-ray solution. Mobi Pro allows for simultaneous acquisition of conventional & dual-energy images with a single exposure. Contact us for a demo at no cost.

stats
The good news is that end user cybersecurity training does not have to be overly expensive or administratively burdensome to conduct. There are some end user training programs offered online for as little as $2.70 per end user. End users should be trained annually, and these training records should be maintained in a central repository for reference in the instance of a cybersecurity event or audit. Some organizations conduct their own internal training, which is specific to their environment and infrastructure, and there are tools available to help develop that training content, as well.

Ken Zalevsky
Conclusion
In summary, there are actions that hospital security staff can take today in order to develop a more proactive posture toward medical device cybersecurity, but they don’t need to do it all on their own. Medical device cybersecurity is a shared responsibility, and neither stakeholder has all of the tools and information to address this problem alone. The alignment begins with effective communication, which should be transparent and open, and continues through the entire medical device life cycle. By working together, medical device manufacturers and hospitals can achieve their shared goal of improved patient safety.

You Must Be Logged In To Post A Comment