By Joseph Fishel, CBET, MBA
Were you ready for BlueKeep? Are you ready for the next one? If you have been following along and making use of my suggestions and recommendations, I hope things are going well. An identified vulnerability is one scenario that you should have a developed and documented in your process or playbook of procedures. I will walk you through the steps using the techniques and processes we have been developing. This is a basic example of a vulnerability playbook. Clinical engineering and biomedical engineering have actually been doing much of this for years for recalls and device upgrades. The only difference is that these devices have an unknown factor as to what can happen, when it can happen and by whom.
Here are some basic steps using the mitigating controls that we have discussed and they should be implemented to work through a remediation. Let’s start.
1. You are notified of a new vulnerability.
2. Get all of the information you can accessing the device on the vulnerability to identify fully what the vulnerability is. Your IS/IT department may be able to assist.
3. Identify which devices are affected.
Knowing these different things and what is available can save time in dealing with a vulnerability or it may already be protected due to things that you have put in place.
4. Identify the remediation steps to be taken for the different classes of vulnerable devices. Also you can create a priority list to address the most vulnerable or temporary remediating steps such as closing a port.
5. Verify that the remediation was successful
6. Track what you do for remediation.
7. Did you have any issues?
Vulnerabilities are not going away. The Internet of Things (IoT) is becoming the norm of medical equipment as we move to put more data at the fingertips of clinicians. New algorithms and applications are being developed every day to integrate medical devices.
© 2018, TechNation Magazine. Site designed by MD Publishing, Inc.