At HIMSS24: Risk to Medical Devices Is a Risk to Patients

March 19, 2024
At this year’s annual HIMSS conference, self-proclaimed professional hackers discuss securing the modern connected hospital.

How do we protect medical devices? This question was discussed during a cybersecurity preconference session on March 11 at HIMSS24 in Orlando. The session, titled “Securing the Modern Connected Hospital: IoT, IoMT, and OT,” was moderated by Benoit Desjardins, M.D., Ph.D., professor of radiology and medicine at the University of Pennsylvania.

“Every device has a management cycle,” said James Angle, product manager of information security at Trinity Health. Angle underscored the importance of applying security patches and being able to take the device out of service during a set maintenance period. He acknowledged that obtaining security patches from the manufacturer can take a while. He said it’s essential to understand vulnerabilities and mitigate them. Additionally, he advised that the device should be tested before being put into operation.

“If an attacker wants to get on your network, they will,” remarked Kevin Johnson, CEO of Secure Ideas LLC and a self-proclaimed hacker of medical devices. He advised focusing on protection when attackers get in. “Slow down,” he said, “so you have time to react.” Johnson advised focusing on the IT aspect, looking at the device configurations and what they connect to. “Simple firewalling,” he commented, “can prevent most device attacks if set up correctly.” Vendors assume that hospitals will make changes, he noted.

Angle and Johnson mentioned that no enforcement mechanisms are in place and that it’s the health sector’s responsibility to ensure device security. Johnson remarked that the regulations in the Biden administration's bill provide a false sense of security. He believes that vendors need to be held more accountable. “How do you prove a device is secure?” Johnson asked. “Regulation isn’t a resolution,” he said.

Audience member Dr. Christian Dameff, M.D., M.S., disagreed with the point that vendors aren’t currently held accountable. He remarked that the Food and Drug Administration (FDA) refuses to approve devices based on cybersecurity. Even though the FDA says it provides guidelines, he argued that they are more than just guidelines.
