Hospitals face significant barriers to medical device security
In today’s environment, there’s a constant need to drive a balance between functionality and security, where medical device manufacturers mitigate against threats while meeting the clinical demand to deliver a robust, interoperable and safe product for treating patients. Three barriers to medical device security come to mind, and they all involve the critical relationship between manufacturers and healthcare organizations: asset management, the changing threat landscape and compressed timeline requirements.
Asset management
To secure devices effectively for clinical use, organizations need to understand what those devices are and how they are operationally integrated. It’s critical for an organization to track assets. Evolving remote support solutions, enhanced secure connectivity and increased vigilance in inventory management all have the potential to improve security.
The changing threat landscape
Another top barrier is the speed at which the threat landscape changes for medical devices, and a manufacturer’s ability to anticipate and respond to these threats in real time. Organizations should evaluate their vendor’s responses to emerging threats, such as the timeliness of issuing software updates or applying patches to a device. Medical technology companies need to be agile with their development and release processes, which require time for validation and verification prior to providing an update.
Compressed timeline requirements
Too often, manufacturers compress contractual incident response and vulnerability timeline requirements. Manufacturers need to issue well-defined compensating controls and mitigations to reduce security risk—but it’s reactive. We know that proactively improving security awareness and prioritizing security hygiene from an organization-wide perspective is important. For these reasons, companies need to actively collaborate with customers to ensure they have the necessary information to better secure their products.