How can healthcare organizations better address the many challenges they face involving the cybersecurity of legacy medical devices? Device security specialist Ben Ransford offers insights on critical steps that can help reduce the risks.
"The biggest challenge that providers face is ... the lack of knowledge about the devices they have," says Ransford, CEO of healthcare cybersecurity firm Virta Labs.
On average, hospitals have 14 to 16 medical devices for each inpatient bed, he estimates, which means the scale of the security problem is enormous, he says in an interview with Information Security Media Group.
And with a lack of information about the security properties of all their hundreds of devices, he says, "it's really hard to get started on anything related to security."
Some "short cuts" are available to help create an accurate inventory of medical devices, including the use of commercial and open source tools to help with the process, he notes.
Old Software
Another top challenge for securing older devices is that many are running outdated software, such as operating systems that are no longer supported by vendors, he says.
"This is the major issue with legacy medical devices: A lot of them are just never going to get updates again. The software is beyond its serviceable lifetime," he says.
"If you can't sunset these devices - old-fashioned network basics, such as being able to segment them into their own segments, can go a really long way."
In the interview, (see audio link below photo), Ransford also discusses:
Top "people problems" that contribute significantly to the challenges involving legacy medical device security; Other tips for addressing legacy medical device security issues; Predictions about medical device cybersecurity trends in the year ahead.Ransford, Ph.D., is co-founder and CEO of Virta Labs, which helps healthcare providers integrate cybersecurity into clinical workflows. He has spent a decade supporting patients, healthcare providers and manufacturers as they grapple with the realities of connected healthcare.