Sponsored by Medigate
By Jonathan Langer
The Internet of Medical Things (IoMT) is revolutionizing the process and practice of patient care. Also known as “connected medical devices,” IoMT devices generate, collect, analyze and transmit patient data. Whether they’re stationary or mobile, internally or externally deployed, connecting to home, public WiFi or cellular networks, the problem for health systems is that at some point they’re connecting to enterprise networks.
Furthermore, as these devices frequently enter and exit the landscape at different intersections, each presents its own dynamic set of risks. Not only were traditional network security protocols not designed to address them, but managing each device’s whereabouts, let alone its effective operation, maintenance and security, has become an overwhelming challenge. The increasing interconnectivity of IoMT-enabled devices collecting and sharing patient data hasn’t just dramatically increased points of patient data security failure, but has also exposed numerous systemic deficits, including vulnerabilities directly related to the provisioning of timely patient care.
MarketsandMarkets has projected the global IoT medical devices market to reach $63.43 billion by 2023. That represents growth from $20.59 billion in 2018, at a compound annual growth rate of 25.2% over the period. Those aren’t just impressive growth statistics. They reflect a revolution in care.
Meanwhile, health care’s attack surface remains the most vulnerable and lucrative target for bad actors across industries. What’s notable is that the threats are now accepted as real and the potential danger to patients is no longer the subject of debate. That recognition has led nearly every regulatory authority facing the problem to converge around a practical, common-sense precept: care providers must know the assets connected to their networks and take deliberate steps to secure them. To be fair, although these same regulators appreciate that cybersecurity threats cannot be eliminated, they are still making it clear that cross-functional teams must collaborate and adopt a proactive approach to managing the risks.
If the goal of connected medicine is to further develop our understanding of the patient, then the need for health care technology management (HTM) professionals to develop a contextualized and actionable understanding of the devices critical to their care is self-evident. This pursuit requires far more enlightened expressions of clinical network visibility. We can no longer limit our thinking to device discovery and superficial identification. Although many health systems would be thrilled to know that much, the point is that it is not nearly enough detail to address today’s challenge set.
HTM professionals must take a step back, recalibrate and adopt a no-compromise approach to clinical visibility. Modern-day clinical visibility should mean a real-time line of sight to every connected asset, because a continuously refreshed, fully profiled, dynamic, risk-scored inventory is what’s required. Beyond make, model and IP address, we’ve got to know everything about the device, including where it is, its network status, its firmware specifics and the underlying details of its security posture.
From a risk assessment perspective, we must have the ability to instantly correlate device-specific vulnerabilities and threats, put our hands on accurate remediation instruction sets, gain insight into patient and operational impacts if the device is compromised and/or decommissioned, and keep an audit trail detailing our efforts. Also, we must know the operating requirements and authorized workflows of each device, including internal/external connections, content flows, how the device is being utilized, when it is being used and who is using it. And if we can’t fix a problem even when we understand it, then at a minimum, we must have the ability to apply compensating controls with prioritized precision.
Although we don’t always regard them as such, these data are health care’s new currency. Maintaining a connected medical device ecosystem hinges on technologies that can support the kind of visibility just described. Only then can we confidently identify which assets are secure, available and providing the data-driven interoperability that lowers costs and improves patient care. Furthermore, if we don’t have these data, then we can’t share them when necessary – in times of crisis. As stated, a continuous, device-specific monitoring capability is needed, along with threat modeling analysis, mitigation and remediation practices that are proactive and collaborative. It’s a visibility-fueled security design that appropriately views every connected asset as the weakest link in the system.
For more information, visit medigate.io.
Jonathan Langer is the CEO and co-founder of Medigate. The views expressed here are those of the author and do not necessarily represent or reflect the views of TechNation or MD Publishing.