By Joseph E. Fishel, CBET, MBA
Preparing for the future will take planning and decisions on the direction you want to take. There are things you can do to monitor your medical devices as well. How do you know when things change on the network? Do you get notified when a new device is introduced to the network? Can you monitor what is going on and what and where your vulnerabilities are? If a device is DHCP and the IP address changes are you able to be notified of the new IP address? Will this be an automated process? These are all important questions that need to be considered.
In talking with several HTM managers recently at the MD Expo and AAMI Exchange I found out that networked devices, on the average, make up about 10% of the HTM inventory. Yet, they are using 50% of the labor to address cyber Issues. We are being pushed to do more with less and cybersecurity tasks aren’t covered by normal original equipment manufacturer (OEM) and third-party contracts. We need new tools that work for us. We are moving into a new era that is changing what we do and how we do it.
If you had the opportunity to attend recent HTM tradeshows you would have seen some new vendors in the exhibit halls. They have a new approach to monitoring a network. They use 80 to 115 different points that they monitor or look at. Artificial intelligence (AI) is able to look at a device and from its MAC address, VLAN and the devices it is talking to it is able to determine what it is and what vulnerabilities it brings to the network.
Asimily, HMatix, Medigate, ORDR, Symantec, ZingBox, are some of the new companies coming to the HTM community to assist in identifing what is happening on our networks. They have products that can analyze data as well as identify and classify all connected devices and systems and provide detailed device and system answers regarding risks and vulnerabilities. In addition, when linked with a CMMS system, they can update fields such as IP addresses for devices with DHCP. Some programs can also help locate devices in a hospital – if linked to an RTLS system.
Being able to identify what is on the network, identify when a new device comes on, identifying vulnerabilities and, with some products, apply controls to the device and manage what it can or can’t talk to is helpful. Being able to look at when devices are transmitting, what they are transmitting with transmission times can also assist in other areas of the HTM world to help identify usage.
The acronym IoT (for Internet of Things) is being used more in the HTM world. IoT can best be described as a system of interrelated computing devices, mechanical or digital machines and the ability to transfer data over a network. When we look at medical devices that are connected to a network it is for information gathering or the redistribution of data. An example would be imaging devices and PACS. The images go from the imaging device to PACs and then to a workstation where they are read. In the process, prior exams may be sent to the workstation for comparison. We need to be able to see what is talking to what and what should or shouldn’t be talking and have the ability to control the communication.
I would suggest that you talk to the various vendors to see how they work and how they could integrate into your program. Not every tool is the right one for every issue. Find the one that fits your application. Talking to your peers on what they are choosing and why they chose it can also be of assistance when making a decision. I would also include the IS/IT department as they may have questions that you haven’t thought to ask. Also, examine how easily products can be expanded in case your facility decides to expand.
Joseph E. Fishel, CBET, MBA, is the Healthcare Technology Systems Manager with Sutter Health eQuip Services.
