Medical Device Security is an Inventory Problem
Last week, the American Hospital Association (AHA) interviewed us on how to improve medical device security for its podcast to member hospitals. The AHA represents and serves all types of hospitals, health care networks, and their patients and communities in the United States. Nearly 5,000 hospitals, health care systems, networks, other providers of care and 43,000 individual members come together to form the AHA.
Our colleagues at the AHA get a lot of questions from their members on medical device security. How can a healthcare delivery organization assess the cybersecurity of its inventory of medical devices without resorting to manual entry? How much security is enough? What are the roles of ISAOs?
The main takeaways:
- Follow the NIST cybersecurity framework to assess risk, deploy appropriate compensating controls, and continuously measure effectiveness of controls
- Choose security tools where safety and clinical workflow are top priorities
- Implement meaningful security requirements during procurement such as found in the Mayo Clinic vendor book.
Security of Medical Device Inventory: Stop Making Motions. Start Taking Action.
To measure medical device inventory on clinical networks and form action plans to remediate cybersecurity risks, try the BlueFlow software. Safety is our number one priority, but we live and breathe cybersecurity as a means to achieve high availability and integrity of healthcare delivery. That's why hospitals trust us.