How are hospitals handling medical device security?

[InfoSec News <alerts () infosecnews org>]

http://healthitsecurity.com/2014/09/30/how-are-hospitals-handling-medical-device-security/

By Patrick Ouellette
Health IT Security
September 30, 2014

Dale Nordenberg, moderator of the medical device security panel discussion 
at this year’s HIMSS Privacy and Security Forum, made an interesting point 
in saying that medical devices fit somewhere between BioMed, IT and 
security. Given the likelihood that they fall through the cracks, what are 
are the best ways for healthcare organizations to monitor the risks 
associated with these devices?

Nordenberg, a medical device expert, discussed security experiences and 
safeguard tactics with panelists Kristopher Kusche, VP of Information 
Services, Technology Services at Albany Medical Center, and Darren Lacey, 
Chief Information Security Officer (CISO) of Johns Hopkins University and 
Johns Hopkins Medicine.

The first major topic of conversation was the manner in which Kusche 
approaches risk assessments for medical devices. Kusche said he had 20,000 
medical devices across two hospitals, which outnumbers the 18,000 managed 
IT products, such as computers, the organization has on the network. As a 
Joint Commission accredited hospital, he said that Albany Medical Center 
has been assessing every device for risk for a long time because it was a 
Joint Commission requirement. The only major difference now is the 
addition of cybersecurity to that risk assessment.

“When the FDA released its cybersecurity recommendations in June 2013, we 
took them to heart,” he said. “After having done full cybersecurity 
assessments for our IT components and systems for HIPAA, the next logical 
step was to perform assessments on medical devices.”

[...]

--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/