3rd Party Risk Management , Endpoint Security , Governance & Risk Management
Help Available for Tackling Legacy Medical Device Security
FDA's Jessica Wilkerson, Mike Powers of Intermountain Health Discuss HSCC GuidanceHealthcare providers are struggling with protecting legacy medical devices against a rising tide of cyberthreats. New Health Sector Coordinating Council guidance can help, said Jessica Wilkerson of the Food and Drug Administration and Mike Powers of Intermountain Health.
See Also: OnDemand | Secure Your Vendor's Access from Attacks on Third-party Vulnerabilities
"The issue of old, outdated, unsupported technologies within healthcare is a growing problem and one that can increase the severity of cyber incidents that can occur in the sector because they can be very difficult to protect," said Wilkerson, senior cyber policy adviser and medical device cybersecurity team leader at the FDA's Center for Devices and Radiological Health.
Medical devices too often do not receive patches or updates. "They may be very difficult to guard against current cyberthreats, because they weren't designed at a time when modern cyberthreats existed, but they still are in use. They're still providing clinical value," she said in an interview with Information Security Media Group.
While healthcare entities of all types and sizes face legacy medical device issues, the challenges can be especially difficult and risky for certain organizations - including some device makers, said Powers, system director for health technology management at Intermountain Health.
"This is a problem that's always going to be there," he said in the joint interview. But the HSCC guidance aims to assist those that are particularly challenged, he added. "Organizations that are a little less cyber-mature to understand some best practices, whether they're on the provider side or on the manufacturer side, can use and leverage this," he said.
In this video interview, Wilkerson and Powers also discuss:
- Top cybersecurity challenges involving legacy medical devices;
- How the HSCC's Managing Legacy Technology Security guidance can assist entities with their ongoing medical device risk management issues;
- What's next for HSCC guidance.
Wilkerson examines issues and developing policy related to medical device cybersecurity. She previously worked with the Office of the National Cyber Director.
Powers is a system director for healthcare technology management at Utah-based Intermountain Health. He co-leads the Health Sector Coordinating Council task group on legacy medical device cybersecurity and is vice chair of the Association for the Advancement of Medical Instrumentation's healthcare technology leadership committee.