Identity and access management continues to be a top medical device cybersecurity challenge, says security expert Mark Sexton of the consultancy Clearwater, formerly known as Clearwater Compliance.
"A number of these devices cannot be integrated into normal technical controls, like Active Directory, that you use on your network to manage user access and monitor that activity," he notes in an interview with Information Security Media Group.
Plus, many medical devices are still running legacy operating systems, he notes. In fact, some experts estimate that by the end of this year, as many as 70 percent of medical devices will be running on operating systems that will no longer be supported, Sexton says.
"That makes any network administrator security person's hair stand up on their neck because those are all vulnerable, low-hanging fruit from a security perspective," the consultant adds.
In the interview (see audio link below photo), Sexton also discusses:
Why asset management continues to be a top cybersecurity challenge for medical devices; Other critical medical device challenges; Tips for improving medical device security.Sexton is principal consultant at the privacy and security consultancy Clearwater. He is also a founding member and former secretary of the Southwest Chapter of the Cloud Security Alliance and holds multiple industry certifications. Previously, Sexton was manager of information systems and HIPAA compliance officer at the University of Nevada's School of Medicine.