At HIMSS24: Risk to Medical Devices Is a Risk to Patients

March 19, 2024
At this year’s annual HIMSS conference, self-proclaimed professional hackers discuss securing the modern connected hospital.

How do we protect medical devices? This question was discussed during a cybersecurity preconference session on March 11 at HIMSS24 in Orlando. The session, titled “Securing the Modern Connected Hospital: IoT, IoMT, and OT,” was moderated by Benoit Desjardins, M.D., Ph.D., professor of radiology and medicine at the University of Pennsylvania.

“Every device has a management cycle,” said James Angle, product manager of information security at Trinity Health. Angle underscored the importance of applying security patches and being able to take the device out of service during a set maintenance period. He acknowledged that obtaining security patches from the manufacturer can take a while. He said it’s essential to understand vulnerabilities and mitigate them. Additionally, he advised that the device should be tested before being put into operation.

“If an attacker wants to get on your network, they will,” remarked Kevin Johnson, CEO of Secure Ideas LLC and a self-proclaimed hacker of medical devices. He advised focusing on protection when attackers get in. “Slow down,” he said, “so you have time to react.” Johnson advised focusing on the IT aspect, looking at the device configurations and what they connect to. “Simple firewalling,” he commented, “can prevent most device attacks if set up correctly.” Vendors assume that hospitals will make changes, he noted.

Angle and Johnson mentioned that no enforcement mechanisms are in place and that it’s the health sector’s responsibility to ensure device security. Johnson remarked that the regulations in the Biden administration's bill provide a false sense of security. He believes that vendors need to be held more accountable. “How do you prove a device is secure?” Johnson asked. “Regulation isn’t a resolution,” he said.

Audience member Dr. Christian Dameff, M.D., M.S., disagreed with the point that vendors aren’t currently held accountable. He remarked that the Food and Drug Administration (FDA) refuses to approve devices based on cybersecurity. Even though the FDA says it provides guidelines, he argued that they are more than just guidelines.
