Indiana University Health is working with TriMedX to create a new cybersecurity lab that will evaluate and test the security of medical devices, with the hope of mitigating cybersecurity threats as part of the of the device development process.
WHY IT IMPORTANT
TriMedX, which specializes in clinical engineering and clinical asset management, will bring its technology expertise to the Medical Device Security Lab at IU Health – collaborating on the testing of its medical devices health systems to find security and interoperability vulnerabilities. The supplier-built company has data on 92% of all active medical device models.
The purpose of a security laboratory is to perform testing on medical devices in a risk-free environment for the patient. Network researchers will evaluate net-new devices before deploying them in hospitals.
Additionally, they will examine security configurations and settings to discover which services need to be enabled and which ports need to be available on the network to ensure safe operation. And they will scan specific devices for security checks without a live network or patient risk.
The goal is to eventually share these capabilities with other health systems, according to both organizations.
“Mitigating cybersecurity threats is critical to protecting patient safety and data,” said Nick Sturgeon, executive director of information security at Indiana University School of Medicine. “Advanced device testing lab enhances the ability to fix vulnerabilities before equipment reaches the patient floor.”
TREND TO BIGGER WOMAN
IU Health and TriMedX note that nearly 70% of medical devices are predicted to be connected devices by 2025.
Meanwhile, reports continue to show that hospitals have yet to get a handle on their IoT security strategies. More than half of respondents to a recent survey said their healthcare organizations had experienced one or more cyberattacks in the past 24 months involving connected medical devices – many of them, the FBI warned, are outdated.
Policymakers are trying to tackle the challenge with legislation, such as the PATCH Act, that would introduce basic cybersecurity requirements for device manufacturers applying for FDA approval and require FDA approval. require plans to monitor and address after-market vulnerabilities.
Ultimately, the mechanism is for vendor organizations to develop and maintain effective medical device security programs.
ON PROFILE
“The rise in threats and vulnerabilities is why this partnership is so important,” said Sturgeon. “The partnership will allow us to be at the forefront of innovation and continue to protect the health and security of our patients.”
“We expect this Medical Device Security Lab to pave the way in creating a space for devices to be tested prior to use and launch,” said Doug Folsom, Chief Technology Officer. flag common security issues before deploying devices in healthcare environments,” said official and president of cybersecurity at TriMedX.
“The aim is to see an overall reduction in device security threats and ultimately make this research scalable and available to more organizations,” he said.
Twitter: @MikeMiliardHITN
Email the writer: [email protected]
Healthcare IT News is a HIMSS publication.
