Endpoint Security , Governance & Risk Management , Healthcare

John Halamka: Mitigating Medical Device Security Risks

Thought Leader Outlines Critical Considerations
John Halamka: Mitigating Medical Device Security Risks
John Halamka, M.D., executive director for technology exploration at Beth Israel Lahey Health

Enumerating medical devices, identifying where the security risks lie, and then implementing a multilayered defense plan to mitigate those risks should be top priorities for healthcare organizations, says thought leader John Halamka, M.D., executive director for technology exploration at Beth Israel Lahey Health.

That's because most large healthcare entities "probably have thousands of [legacy] medical devices running Windows 98 on up, and devices that probably have free-text passwords or little to no auditing from a security perspective," he says in an interview with Information Security Media Group

"It's really important to bring visibility to the devices that you have," Halamka says. "If you have a split between IT and clinical engineering, that might be hard. So either unify the departments, or if you can't do that, put in the tools and technologies to bring that visibility," he says.

Addressing Risk

Once an organization has better visibility into medical devices and their risks, "you put in firewalls and sometimes you do air gapping - devices aren't connectable to the internet," he says.

Ongoing monitoring is also critical, he stresses. "There are certain behaviors you just shouldn't see" with medical devices, he points out, such as "an IV pump making a phone call."

Understanding past patterns of medical device behaviors, he says, will help with early detection of "malware, ransomware and breaches that external entities are attempting on your organization."

In the interview (see audio link below photo), Halamka also discusses:

  • Top cyberthreats facing medical devices;
  • Various steps his organization has taken in recent years to bolster medical device cybersecurity;
  • Why insiders remain the top security risk for many healthcare entities.

Halamka is executive director of the health technology exploration center at Beth Israel Lahey Health. The center extends the organization's international reach through formalized affiliations and technological advances that aim to make medical care more efficient, accessible, and integrated. Halamka was previously CIO of Boston-based Beth Israel Deaconess Health System, which earlier this year merged with several other Boston-area healthcare organizations, including Lahey Health, New England Baptist Hospital, Mount Auburn Hospital and Anna Jaques Hospital. Halamka is also international healthcare innovation professor at Harvard Medical School and an adviser to security vendor Cynerio.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.