Week Nine
Hello! Welcome to this week's Ryan Report. Today, I will discuss Dave Muoio's article on securing legacy medical devices.
As he states in the title, securing the current install base (AKA legacy) of medical devices at a healthcare delivery organization is a daunting, but not optional challenge. New devices hitting the market are generally "better" at security than devices that have been around for years. Some healthcare devices such as imaging systems are run-to-fail and have been in use at a hospital for perhaps 20 years or longer. These systems were not designed for the modern cybersecurity threat landscape and present vulnerabilities that healthcare organizations must manage.
Muoio interviewed several industry experts on this topic, and there was a consensus on how to start managing the risks that legacy medical devices pose: identification of network-connected medical devices. This seems obvious, but is a challenge that every healthcare organization faces. Most inventory systems are only updated manually, and there isn't real-time visibility into network-connected assets.
After identification, the next step recommended by the experts was assessing risk posed by these devices. Risk assessment ideally leads to the prioritization of threats against legacy medical devices, allowing organizations to strategically allocate resources to manage this risk.
I found this article to be a valuable discussion on managing cybersecurity risk to legacy medical devices. As industry start-ups continue to mature, technical tools may be available to healthcare organizations to solve some of these problems.
As he states in the title, securing the current install base (AKA legacy) of medical devices at a healthcare delivery organization is a daunting, but not optional challenge. New devices hitting the market are generally "better" at security than devices that have been around for years. Some healthcare devices such as imaging systems are run-to-fail and have been in use at a hospital for perhaps 20 years or longer. These systems were not designed for the modern cybersecurity threat landscape and present vulnerabilities that healthcare organizations must manage.
Muoio interviewed several industry experts on this topic, and there was a consensus on how to start managing the risks that legacy medical devices pose: identification of network-connected medical devices. This seems obvious, but is a challenge that every healthcare organization faces. Most inventory systems are only updated manually, and there isn't real-time visibility into network-connected assets.
After identification, the next step recommended by the experts was assessing risk posed by these devices. Risk assessment ideally leads to the prioritization of threats against legacy medical devices, allowing organizations to strategically allocate resources to manage this risk.
I found this article to be a valuable discussion on managing cybersecurity risk to legacy medical devices. As industry start-ups continue to mature, technical tools may be available to healthcare organizations to solve some of these problems.
Comments
Post a Comment