The number of medical devices is growing exponentially, globally at a current rate of 20% per annum. Unlike traditional compute devices, they lack the protections of antivirus, host firewalls and most other basic forms of security. Furthermore, their limited CPU and memory, and customized or embedded operating systems, make the addition of host-based security protections a pipe dream. Lack of ongoing vulnerability testing, combined with slow vendor patch cycles, makes these devices especially vulnerable to attack. What really drives the nail in the security coffin is that most are managed not by IT but by BMETs and other clinicians, most of whom don’t have a good grasp of cybersecurity. In fact, the vast majority of hospitals do not even have an accurate inventory of the medical device assets attached to their networks, so how can they possibly evaluate risk and put in place adequate protections?
With increased focus from both cyber criminals and OCR, medical devices present one of the greatest unmitigated risks to hospital data. Not only is the confidentiality of data at risk for those devices that create and process PHI, but so are the integrity and availability of all critical health IT systems when medical devices are used as an attack foothold on the network.
This session will evaluate the threats, vulnerabilities and risks of medical devices and other healthcare IoT assets and suggest approaches to manage and “deal with” this growing threat.