By Jonathan Langer
The connected medical device market is on a growth trajectory, with more than 3.5 million medical devices in use today. From a security perspective, this translates to 3.5 million network connections that hackers can take advantage of to access sensitive patient information or, worse, attack individual patients.
As the Internet of Medical Things (IoMT) landscape continues on this path, vendors adept at securing general Internet of Things (IoT) devices in operations, asset management, smart grids and consumer products are offering solution packages to protect connected medical devices.
But these devices present unique security challenges that require clinical context to ensure the full visibility needed to meet them, and these general IoT vendors lack the foundational background in healthcare necessary for true IoMT security. Providers should not only be able to see that there are devices connected to their network; they must also be able to identify each connected device with great granularity (including manufacturer protocols) and have up-to-date information on risk ranking, device utilization, software maintenance and compliance data.
Medical devices aren’t printers and they shouldn’t be treated as such
Generally, provider networks look like any other organization’s network. Network managers armed with a variety of security and management tools safeguard the hospital or health system from potential breaches. Devices are organized by category – printers, mobile devices, equipment, etc. – to effectively and efficiently maintain network security, with each category having a specific set of rules and configurations according to industry best practices. Anything out of the ordinary requires remediation.
The primary function of medical devices is what separates them from the rest, as they play a more direct role in aiding and improving patient care. Think of patient-centered devices connected to a hospital’s network – their purpose covers anything from measuring patient vitals, to delivering an accurate diagnostic picture for clinical decision guidance, to playing a pivotal clinical role with a direct impact on patient care. This also means they pose an array of different security risks, starting with the distinct differences between each device. Logically, this unique category of devices requires a more specialized set of rules and configurations designed to ensure a secure connection per device.