http://healthitsecurity.com/2014/09/30/how-are-hospitals-handling-medical-device-security/
By Patrick Ouellette
Health IT Security
September 30, 2014
Dale Nordenberg, moderator of the medical device security panel discussion
at this year’s HIMSS Privacy and Security Forum, made an interesting point
in saying that medical devices fit somewhere between BioMed, IT and
security. Given the likelihood that they fall through the cracks, what are
are the best ways for healthcare organizations to monitor the risks
associated with these devices?
Nordenberg, a medical device expert, discussed security experiences and
safeguard tactics with panelists Kristopher Kusche, VP of Information
Services, Technology Services at Albany Medical Center, and Darren Lacey,
Chief Information Security Officer (CISO) of Johns Hopkins University and
Johns Hopkins Medicine.
The first major topic of conversation was the manner in which Kusche
approaches risk assessments for medical devices. Kusche said he had 20,000
medical devices across two hospitals, which outnumbers the 18,000 managed
IT products, such as computers, the organization has on the network. As a
Joint Commission accredited hospital, he said that Albany Medical Center
has been assessing every device for risk for a long time because it was a
Joint Commission requirement. The only major difference now is the
addition of cybersecurity to that risk assessment.
“When the FDA released its cybersecurity recommendations in June 2013, we
took them to heart,” he said. “After having done full cybersecurity
assessments for our IT components and systems for HIPAA, the next logical
step was to perform assessments on medical devices.”
[...]
--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/
