Clinical engineers (CE) and biomeds need to be in the loop if healthcare organizations can hope to address cybersecurity risks.
We're not sure why this simple principle hasn't occurred to most vendors of security products, but we are sure of one thing: it's time for the era of mistrust between CE and IT to come to an end. We lost track of how many times we heard "security is a shared responsibility" at AAMI.
This was Virta Labs' first visit to the AAMI Expo floor, but not our first contact with AAMI: our Chief Scientist helped write the AAMI TIR57 standard, and as you know we've been building a healthcare cybersecurity community for about ten years. This year's expo was a great chance to continue to welcome clinical engineers and biomeds into the fold.
Here are some highlights from our perspective:
- Clinical engineers correctly understand that security risks can pose safety risks, but CEs usually don't share tools with IT teams, meaning that priorities can become misaligned. (This is the problem BlueFlow addresses.)
- Device makes still have some catching up to do. An informal sample suggested that not every manufacturer has developed a mature plan to build security into their products starting with early design phases. Security cannot be bolted on.
- We kept our pledge to donate $2 to SAFE Austin for each in-depth demo we gave to booth visitors, donating over $100 on behalf of our growing community.
- Voodoo Doughnut has an outpost in Austin and it's a great escape from conference-land, should one need a few minutes. Pro tip.
(Photos by @PROP_TIL, from @DrKevinFu's keynote Harken Memorial Lecture, and @br_)