More medical devices than ever are network connected. This includes devices such as patient monitors, imaging devices and drug pumps connecting to both wired and wireless networks for sending telemetry to medical staff and enabling patient care.
The networks in medical facilities like hospitals, doctor’s offices, and specialty clinics contain a mixture of medical and non-medical devices that share network space and network resources. These shared spaces increase the risk of an IP enabled medical device being negatively impacted, directly or indirectly, by viruses, malware, and malicious network traffic.
Yet, IT support personnel have limitations placed on them by both device manufacturers and the FDA that restrict their ability modify these devices to increase their security posture. Often these devices are proprietary systems that cannot be patched with standard enterprise systems and tools. Many application specific systems are based upon proprietary operating systems for which OS level patching isn’t possible.
While the deck is stacked against administrators in the healthcare space, it is possible to increase the security posture of the network to ensure both devices and patients are protected. Enhanced security starts with answering three essential questions:
- How can you protect it if you don’t know it exists?
- We know that devices are connected, but we don’t know what they are.
- We’ve got all of our devices categorized and grouped; What do we do now?
In my next blog, I’ll dig deeper into these three questions and the steps needed to ensure your medical devices are secure.