3rd Party Risk Management , Endpoint Security , Governance & Risk Management

Help Available for Tackling Legacy Medical Device Security

FDA's Jessica Wilkerson, Mike Powers of Intermountain Health Discuss HSCC Guidance
Jessica Wilkerson, senior medical device cyber adviser, FDA, and Mike Powers, system director for health technology management, Intermountain Health

Healthcare providers are struggling with protecting legacy medical devices against a rising tide of cyberthreats. New Health Sector Coordinating Council guidance can help, said Jessica Wilkerson of the Food and Drug Administration and Mike Powers of Intermountain Health.

See Also: OnDemand | Secure Your Vendor's Access from Attacks on Third-party Vulnerabilities

"The issue of old, outdated, unsupported technologies within healthcare is a growing problem and one that can increase the severity of cyber incidents that can occur in the sector because they can be very difficult to protect," said Wilkerson, senior cyber policy adviser and medical device cybersecurity team leader at the FDA's Center for Devices and Radiological Health.

Medical devices too often do not receive patches or updates. "They may be very difficult to guard against current cyberthreats, because they weren't designed at a time when modern cyberthreats existed, but they still are in use. They're still providing clinical value," she said in an interview with Information Security Media Group.

While healthcare entities of all types and sizes face legacy medical device issues, the challenges can be especially difficult and risky for certain organizations - including some device makers, said Powers, system director for health technology management at Intermountain Health.

"This is a problem that's always going to be there," he said in the joint interview. But the HSCC guidance aims to assist those that are particularly challenged, he added. "Organizations that are a little less cyber-mature to understand some best practices, whether they're on the provider side or on the manufacturer side, can use and leverage this," he said.

In this video interview, Wilkerson and Powers also discuss:

  • Top cybersecurity challenges involving legacy medical devices;
  • How the HSCC's Managing Legacy Technology Security guidance can assist entities with their ongoing medical device risk management issues;
  • What's next for HSCC guidance.

Wilkerson examines issues and developing policy related to medical device cybersecurity. She previously worked with the Office of the National Cyber Director.

Powers is a system director for healthcare technology management at Utah-based Intermountain Health. He co-leads the Health Sector Coordinating Council task group on legacy medical device cybersecurity and is vice chair of the Association for the Advancement of Medical Instrumentation's healthcare technology leadership committee.


About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.