Tackling Medical Device Security as a Public Health IssueDale Nordenberg of MDISS on Taking a Team Approach
Medical device cybersecurity must be recognized as a critical public health issue so that all segments of the healthcare sector understand their roles in addressing the many complicated challenges involved, says Dale Nordenberg, M.D., executive director of the Medical Device Innovation, Safety and Security Consortium.
Several factors are contributing to the urgency of medical device cybersecurity, Nordenberg says in this second segment of a two-part interview with Information Security Media Group.
Those factors include the vast number and diversity of medical devices, manufacturers and healthcare entities that use those products. In addition, he says, "The threat landscape is always evolving, along with the technology landscape. All of this creates increasing complexity and increasing risk.
"Having said that, the public health community is well-versed in addressing complex policy issues, and complex technical issues. ... That's why the apparatus and the methods for dealing with [medical device cybersecurity] are well-grounded in traditional public health practice."
Taking a public health approach to device security, Nordenberg says, means asking the question: "How can we all come together and work together to mitigate the risk associated with our valuable national biomedical network from the smallest point of care, to the very large healthcare systems that may cross state boundaries?"
Protecting devices requires addressing technical, healthcare delivery and business issues, he stresses.
"When we get those three points aligned, we'll be able to address this in a way that all stakeholders will step up," he says. "The physicians, the quality and risk officers, the safety officers will really be in engaged with the technical staff, so we'll start to bridge across the technical silos, but also across the quality of care silos. And when we do that, we'll start getting into the C-suite - and at that point, we'll start seeing the appropriate resources, attention and tools to define the problem."
In this interview (see audio player below photo), Nordenberg also discusses:
- Why it's risky for hospitals to assign the duty of securing medical devices to just the IT security group or the biomedical engineering department;
- The evolving security and safety risks posed by interoperability between medical devices, electronic health records and other health applications;
- Promising developments on the horizon for medical device cybersecurity.
In part one of this two-part interview, Nordenberg analyzed the challenges involved with tracking and managing the enormous number of medical devices used at large healthcare entities.
In addition to his role leading the MDISS consortium, Nordenberg, a pediatrician, is CEO of the consulting firm Novasano Health and Science. He's a member of the Health IT Standards Committee of the Department of Health and Human Services' Office of the National Coordinator for Health IT as well as the FDA's National Evaluation System for Technology Planning Board. He also co-chairs the recently launched Medical Device Security Information Sharing Council for the NH-ISAC.