Over 90 Total Lots Up For Auction at One Location - WA 04/08

Secure medical device deployment best practices

February 16, 2021
Cyber Security Health IT
From the January/February 2021 issue of HealthCare Business News magazine

Maintenance of medical devices requires communication and participation with vendors, specifically with respect to security patches and updates. According to FDA’s Postmarket Management of Cybersecurity in Medical Devices, “Because cybersecurity routine updates and patches are generally considered to be device enhancements, manufacturers are generally not required to report these updates and patches as corrections under 21 CFR part 806.” So hospital staff should work with manufacturers to receive timely cybersecurity patches and updates, especially given the continuously changing threat landscape.

Network segmentation
Segregating the hospital network into segments, sometimes called zones or sub-nets, is an effective method of limiting the network traffic and controlling the exposure of medical devices deployed to those sub-nets. This provides some protection against the proliferation of malware and can be done without entirely isolating the devices. Some MDMs can provide implementation guidance or documentation that can assist hospital security staff in device deployment, while some MDMs can provide information on segmentation strategies specifically for their devices. Of growing concern is the deployment of devices in a remote scenario, given the global pandemic, so hospitals should ask for information regarding remote accessibility, specifically focused on security measures that have been taken to limit exposure in remote deployment scenarios.
stats
DOTmed text ad

Reveal Mobi Pro now available for sale in the US

Reveal Mobi Pro integrates the Reveal 35C detector with SpectralDR technology into a modern mobile X-ray solution. Mobi Pro allows for simultaneous acquisition of conventional & dual-energy images with a single exposure. Contact us for a demo at no cost.

stats
Data scoping
Hospital security staff should develop and maintain an analysis of data flows within their networks. Understanding where and how data flows through the hospital network is critical in its protection. Some areas to consider and specific questions to consider include: Are sensitive data encrypted as exchanged between hospital systems on the internal network? Are various data archives containing sensitive data protected with the appropriate levels of authentication and security? Are sufficient backup techniques in place that would enable shorter uptime cycles after an incident? Do these backup techniques include off-site storage or redundant servers? MDMs can help in this exercise by providing detailed information regarding their devices’ handling of sensitive data. For example, MDMs should be able to provide answers to questions like: Are sensitive data stored on the device itself? If so, for how long? Are there procedures in place to periodically remove or refresh the stored data? Are the data stored on the device encrypted, in case of theft? How does the device communicate with other hospital systems? Is this communication with other hospitals systems encrypted?

You Must Be Logged In To Post A Comment