An article by author, Tom Sullivan, in the May 30, edition of Healthcare IT News, entitled, "Hospital survival guide for a world overflowing with unsecured medical devices", provided a stern warning. Quoting the article: "Medical device security is an utter mess."
Sullivan went on to describe: "Consider this: The machines themselves often have 10, 15 or even 20-year lifespans and replacing those legacy devices with more secure ones en masse is simply not a realistic option." He cited the example of the Mayo Clinic, which: "has what Clinical Information Security Director Kevin McDonald described as a boatload of medical devices anchored down by legacy products..." and also quoted McDonald, who said, “Security should not be the sole responsibility of healthcare providers.”
A sobering statistic from the Ponemon Institute was put forth in the Healthcare IT News article: "Nearly one-third of hospitals and the same percentage of device manufacturers, in fact, said no one person or job function is primarily responsible for device security". It also provided a statement from HelpNet Security: "With only $390 million of the $5.5 billion that HelpNet Security estimated providers and manufacturers have spent on security in 2016 going toward medical devices, it’s no wonder many experts see devices as a potential nightmare." This lack of a holistic approach to security all healthcare devices also leads to what, in the article, CynergisTek CEO Mac McMillan stated: “When devices are used for wrong purposes they can become powerful weapons for attacking systems, gaining access to systems, disrupting services across a broad spectrum”. This includes, according to McMillan, that “We’re seeing more and more IoT attacks.”
But there is hope for providers. Please read the complete article on the Healthcare IT News website by clicking on the logo or link below:
Derive Healthcare Medical Device Solutions
Derive Healthcare is unique as a provider of medical device solutions, including a broad array of point-of-care systems and a full range of additional healthcare technologies. Derive has experience with IT, wireless and physical plant security, with complete healthcare provider clinical workflow, and with devices used in hospital, nursing and other settings. Derive partners with the leaders in healthcare IT to deliver end-to-end solutions surrounding their products.
One of Derive's major differentiators is a medical device maintenance solution that not only extends the useful life of mobile carts, scanners, monitors, and other systems, but also audits and monitors their security in relation to hospital and clinical security services and best-practices. This is supported through Derive's healthcare consulting team and professional services group, utilizing the company's Configuration and Staging Facility, located in Lower Manhattan.
Contact Derive Healthcare
Please use the form on this page or call (212) 363-1111, to speak to a Derive Healthcare Medical Device and Security Specialist (if you use the form, please include "Medical Device Security" in the comments).