It's been an amazingly busy year for medical device security. In 2015, the average hospital had not heard of ransomware. (We warned of the hospital malware onslaught in 2012!) In 2016, the hospital C-suites began asking us, "Could that happen here??" after neighboring health systems were taken offline for days by malware. Duh, yes. The important question is how will you ensure that hospital operations continue to remain available to deliver patient care despite legacy capital equipment, cybersecurity risks, and the shifting threat landscape.
Gone are the times when hospitals simply wanted a list of vulnerabilities from pen testers. That's so 2012. A spreadsheet of security vulnerabilities is worse than useless without cognitive support to automatically translate and prioritize the data into clinically relevant actions and remediations to mitigate the risk.
That's why 2017 is the banner year for our BlueFlow software. Safety is our number one priority. We do not fetishize security. Security for the sake of security is not a good strategy for healthcare, but security is an essential part in managing the risks of hospital operations. That's why we urge our customers to think twice before using unsafe security assessment tools that are prone to knocking over fragile medical devices on clinical networks. Instead, use a tool where safety is number one and clinical workflows are sacred. BlueFlow automatically assesses cybersecurity of inventory on clinical networks so that you know what assets are at risk, and can group devices in a manner to make actions and remediations tractable.
The most secure hospital is shutdown: no hacker can break in. But an inoperable hospital isn't very effective. Be safe, be prepared, and be available to deliver patient care.