While medical devices have enabled incredible advances in patient care, their cybersecurity posture hasn't improved much in the past decade. This, despite repeated warnings from many healthcare security experts.
Jennings Aske, CISO at New York-Presbyterian, an academic medical center, says the healthcare sector is still struggling to figure out device security and contends that federal regulations have not been helpful in making it a priority.
"There are many conversations happening now," Aske says. "And I'm starting to feel like there is a shift ... Manufacturers, and the folks responsible for security, are attending these meetings and saying the right things. But it's going to take some time to get things baked into products. I'm not convinced fully that manufacturers are there yet, but I'm starting to see the cracks in the wall."
In this interview, Aske, who will be speaking at Information Security Media Group's upcoming Healthcare Security Summit, slated for November 14-15 in New York, also discusses:
- Why Food and Drug Administration oversight into medical device security isn't stringent enough;
- The factors that have contributed to slow industry response to device security;
- What healthcare teams should prioritize now in their medical device security strategies.
Before becoming CISO at New York-Presbyterian, Aske, who is an attorney, was vice president of information security and CSO at Nuance Communications as well as chief information security and privacy officer at Partners HealthCare.