The recent Webinar Wednesday presentation “Extending Clinical Engineering Security Skills” was sponsored by Cynerio and was eligible for 1 credit from the ACI.
In this 60-minute webinar, expert Chad Holmes dissected the health care ransomware risk landscape, discussed the motives of attackers and demonstrated the latest approaches to secure connected devices. With the rapid increase in recent ransomware attacks, health care providers are trying to adopt new and innovative strategies to prevent breaches and protect patients. A report shows that 1 in 5 hospital breaches originate from an IoT or medical device, leading to a growing interest in extending the skills of biomedical and clinical engineering team members to include a greater focus on security in their day-to-day routines.
Holmes covered a variety of items, including:
- Identifying and determining next steps for active devices with manufacturer recalls;
- Surveying devices with default credentials/configurations and researching the associated risk;
- Analyzing device traffic to identify and prevent potential malware attacks; and
- Investigating and addressing active attacks on devices such as MRIs and IV pumps.
He also answered questions following his presentation.
One question was, “How much of the security workload should we expect biomedical engineers to pick up?”
“My dream scenario is that biomed engineers are security aware,” Holmes replied. “They have some baseline knowledge of what to look out for, and then when a command is given to them, a ticket is open, whatever the communication pattern is, they feel comfortable in making those changes on devices to improve security, much like they would if there were any other patches or updates that needed to be made for functionality.”
“I don’t think the overall strategic or forward-thinking impact is going to be on biomedical engineers – that’s going to exist more in IT and leadership and security,” he added. “But in terms of updating devices to address specific security issues, I think most probably 30 to 40% of the actual effort is going to be done by biomedical engineers. Now, that’s not saying you’re going to have a 30 to 40% increase in efforts. What it’s saying is, you may receive a few more tickets here and there to update devices. So, again, the responsibility is split.
Another question was, “Lots of hospitals are getting hit by ransomware. Is this something that will get worse before it gets better?”
Holmes predicted continued attacks.
“I’d expect the healthcare industry to see more attacks before it starts to slow down,” he said.
He answered more questions regarding cybersecurity. A recording of the webinar, including the Q&A session, is available for on-demand viewing.
More than 100 individuals registered for the final Webinar Wednesday presentation of 2021.
Attendees provided positive feedback via a post-webinar survey that included the question, “Why did you attend today’s webinar? And was it worth your time?”
“Cybersecurity is one of the hottest topics in biomed right now and we all need to be doing our homework to protect our patients and our organizations. Yes, this webinar was worth my time,” Clinical Engineer M. Barton said.
“I attended to learn more about the current status of cybersecurity in health care. It was valuable to know the impact to the industry,” Associate Director L. Robert said.
“I wanted to learn more about how to protect my equipment from cyber-attacks. Yes,” Tech Manager and BMET II C. Bottomley said.
The Webinar Wednesday series recorded 5,346 registrations in 2021 with just less than 100 attendees per session. The final numbers show an average of 90 attendees per webinar.
For more information, including the 2022 schedule and sponsorship opportunities, visit WebinarWednesday.live.