Fortified Health Security PAUSE TO CONSIDER

PAUSE TO CONSIDER: Managing Connected Medical Device Security Program

The critical nature of connected medical devices, coupled with the fact that responsibility for the devices often lies with multiple teams, means managing the security of your connected medical devices requires unique and strategic planning. To ensure your connected medical device program is successful, pause to consider:

Have you clearly outlined roles and responsibilities?

Often there is confusion about who owns medical device security since it touches clinical and IT teams equally. Identify and document roles and responsibilities to avoid this common pitfall.

Do you completely understand risks with connected medical devices?

Unlike traditional IT assets which mainly protect data, networked medical devices may often be connected to patients, which means a successful attack on that medical device could result in patient harm. The introduction of this vulnerability to patient safety into IT security makes medical device security especially important.

Does your incident response plan consider the uniqueness of medical devices?

When it comes to life-saving devices, downtime is a nonstarter. Medical devices may not be able to be shut off in response to a security incident the way a traditional asset could. When building an incident response playbook, be sure to distribute a call list that includes medical device vendors in case IR teams need providers to contribute to a response.

Fortified Health Security is a healthcare exclusive managed security service provider with an award-winning connected medical device security program. Want to hear more? Contact Fortified Health Security today.

Fortified Health Security is committed to strengthening the security posture of healthcare organizations.  In the spirit of Cybersecurity Awareness month, we will be posting daily information for you to consider when maintaining your organization’s cybersecurity program.