5 Tips for Protecting Your IoT-enabled Medical Devices

by Dan L. Dodson, President at Fortified Health Security 04/26/2018

Research shows us that security breaches can greatly impact a healthcare organization’s reputation. Unfortunately, healthcare leaders are stuck in the crosshairs of consumers and hackers. While consumers want transparency, access to information and assurance that their personal information will remain safe, hackers are busy compromising patient information at a faster speed than ever before.

As healthcare IT organizations strive to become more accessible and “open” to support patient engagement initiatives, hackers continue to target and exploit healthcare organizations for monetary gain. The required investment in cybersecurity is often overlooked or underfunded until an incident occurs. At that point, the damage to an organization’s reputation may have already occurred.

This situation is being exacerbated by the growth of IoT (Internet of Things) enabled medical devices. While revolutionizing the process and practice of patient care, these tools are making IT networks more complex and difficult to manage as devices dynamically enter and exit the environment. Each device brings with it unique vulnerabilities and risks that traditional homogeneous network platform security protocols do not address.

Fortunately, there are a number of things that healthcare organizations can do to protect their connected medical devices against cyber attack, including:

1. Conduct an inventory

Unfortunately, many healthcare leaders are not even aware of how many medical devices are connected to their networks, so monitoring and managing the risks associated with these devices is a major challenge. What makes this so hard is the dynamic way in which devices are introduced to and removed from the environment. It’s imperative that organizations develop a process to gain the required visibility in order to gather actionable intelligence based on the associated risk.

2. Increase your governance

Security can no longer be referred to as an IT problem. The consequences of bad security now reach every aspect of business. Thus, security should be treated as a business issue and dealt with accordingly. Health systems must ensure that sound security decisions are being included at every level of the business. But it’s equally important to clearly define who “owns” and is accountable for the security of your connected medical devices. The dynamic between Clinical Engineering (CE), IT and security is different in every organization. Some organizations think that because clinical engineering owns the budget for connected medical devices, it should also be responsible for overseeing the security of these devices. Others think IT should be responsible. The key is deciding who owns this responsibility, establishing a process and holding them accountable.

3. Create a cybersecurity strategy

It is imperative that health systems set a priority to get back to the fundamentals of risk management and good cybersecurity hygiene to improve their overall security posture. Healthcare organizations should review their current overall security strategy to understand how and where connected medical devices fit in. In the past, segmentation, or putting connected medical devices on a separate network with firewalls around them, was the typical protocol. Because of the increasing number of connected medical devices coming into health systems, this is no longer an effective strategy. Healthcare organizations need to put a system in place that monitors the behaviors of these devices by listening passively to the network and identifying abnormalities in real time. While human interaction is a necessary part of a security strategy, machine learning and artificial intelligence (AI) are becoming very effective defense strategies that should be part of the plan.
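The passive inventory from tip 1 and the behavior monitoring described above can share one data source: observed network flows. The following is an added example, not code from the article or from Fortified Health Security; the flow records, MAC addresses, IP addresses and device roles are constructed, and a real deployment would feed it from a network tap or flow export instead of inline lists.

```python
from collections import defaultdict

# Constructed flow records (not real captures): (device MAC, dst IP, dst port)
BASELINE_FLOWS = [
    ("00:1b:aa:00:00:01", "10.20.0.5", 2575),    # infusion pump -> HL7 interface
    ("00:1b:aa:00:00:01", "10.20.0.9", 123),     # infusion pump -> NTP
    ("00:1b:aa:00:00:02", "10.20.0.7", 104),     # imaging modality -> DICOM/PACS
]
LIVE_FLOWS = [
    ("00:1b:aa:00:00:01", "10.20.0.5", 2575),    # matches baseline
    ("00:1b:aa:00:00:02", "203.0.113.40", 443),  # known device, new external peer
    ("00:1b:aa:00:00:03", "10.20.0.5", 2575),    # device never inventoried
]


def learn(flows):
    """Build the inventory: each device's set of observed (dst, port) peers."""
    baseline = defaultdict(set)
    for mac, dst, port in flows:
        baseline[mac].add((dst, port))
    return dict(baseline)


def detect(baseline, flows):
    """Return alerts for uninventoried devices and out-of-baseline peers."""
    alerts = []
    seen_unknown = set()
    for mac, dst, port in flows:
        if mac not in baseline:
            if mac not in seen_unknown:       # alert once per unknown device
                seen_unknown.add(mac)
                alerts.append(("unknown_device", mac, None))
        elif (dst, port) not in baseline[mac]:
            alerts.append(("new_peer", mac, (dst, port)))
    return alerts


if __name__ == "__main__":
    inventory = learn(BASELINE_FLOWS)
    print("inventoried devices:", sorted(inventory))
    for alert in detect(inventory, LIVE_FLOWS):
        print(alert)
```

Because connected medical devices usually talk to a small, fixed set of peers, even this set-membership baseline separates a newly appeared device from a known device contacting an unfamiliar address.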

4. Establish a workflow process

If a security issue arises related to your connected medical devices, do you know how you will address it? It’s critical to establish a workflow process for responding to an IoT device acting abnormally. This protocol should be integrated into your overall security plan. Unfortunately, many organizations still follow a fairly inefficient and time-consuming workflow process. There are a number of workflow approaches that can be utilized, including establishing an alert protocol to prioritize and address critical issues. Whatever process your organization chooses, make sure everyone on the team clearly understands their role, what they are personally accountable for and how the process ties into your organization’s larger security process.

5. Allocate the right resources

Healthcare organizations need to determine if they have the right dollars allocated to support the operating costs to keep their connected medical devices secure. If a health system goes out and buys these technologies, puts a governance plan in place and hasn’t thought about the ongoing costs to run the program, they will be disappointed. It’s important to do this cost analysis upfront to determine if it’s more cost effective to handle components of your security program in house or to identify a trusted partner.

Healthcare organizations must strike a balance between enabling patient engagement initiatives, protecting their connected medical devices and ultimately securing patient data. While there is no simple fix to this complex challenge, healthcare organizations often focus on the wrong areas at the wrong time. Organizations must develop and execute the fundamentals of security first before exploring advanced solutions.

This requires a defensive, in-depth approach to cybersecurity that is grounded in a detailed HIPAA Security Risk Analysis and a companion corrective plan and then engaging the organization in the plan moving forward. It’s a hefty undertaking but a critical piece of the patient care puzzle.

Dan L. Dodson is President of Fortified Health Security where he helps healthcare organizations effectively develop the best path forward for their security program based on their unique needs and current situation. He currently serves on the Southern Methodist University Cyber Security Advisory Board. Dan holds an M.B.A. in Health Organization Management and a B.S. in Accounting and Finance from Texas Tech University.
