On Thursday, the director of clinical information security at the Mayo Clinic, Kevin McDonald did a reality check on how to best to guard the dizzying range of medical devices attached to the networks of the hospital.
Here Is What Kevin McDonald Suggested
1. Simple Steps Can Reduce The Risk
During an FDA hearing titled Cybersecurity of Medical Devices: A regulatory Science Gap Analysis, Kevin McDonald said that hospitals can reduce the medical device security by 60 percent to 70 percent by doing simple things.
2. Basic Steps Suggested
McDonald suggested some very basic steps like –
- Having an inventory of devices and software
- Regularly patching operating systems
- Whitelisting
- Installing anti-virus software
- Restrict hard-coded, default or non-expiring passwords
3. Old Medical Devices Will Continue To Be Problematic
According to McDonald, these simple steps do not guarantee 100% protection, as old medical devices who do not have built-in security would continue to create problems. For complete resolution of mobile device security, the hospitals need to replace all the old devices with new ones that have a built-in security system.
McDonald said – with end number of devices floating around still “there are very few secure devices to buy,”
4. Mayo Clinic Is Not Representative Of The Real World
McDonald is quite worried that with around 25,000 medical devices connected to its network and 13 full-time employees focused on medical device security the company is still not representative of the actual world.
5. Smaller Hospitals And Physician Offices To Face Major Troubles
McDonald said the smaller hospitals and physician offices are in a lot of trouble as there is no killer app to fix this problem. The solution has to be a combination of things but sadly, for many legacy devices, there are no solutions available except the local firewalls.
Date: May 20, 2017