By Inhel Rekik
HTM departments are overwhelmed with information on what they need to do to build their medical device security program and don’t know where to start.
It’s important to start with an accurate inventory and cyber profiling of medical devices. This means gathering MAC addresses, IP addresses, hostnames, network connection types, operating systems and application software versions for each device, and keeping this information current in the CMMS system. Collecting this information will require touching every single networked device in your inventory.
This can be a major endeavor for some. HTM should either dedicate time for this effort or resort to hiring a third-party company to do it. The collected information should be centrally available for the HTM team and IT team.
Network attributes such as IP addresses and MAC addresses help the IT security and network teams perform vulnerability scans on these medical devices as well as set up firewall rules.
HTM members need to familiarize themselves with all types of operating systems and how they are patched. Knowing the OS of every medical device helps with life cycle management of medical devices. For instance, HTM can either upgrade or replace medical devices whose operating systems are near or at end of support. For the devices that have an operating system that is no longer supported and cannot be replaced, HTM will need to provide a security exception request to the IT security team to have compensating controls put in place such as a physical firewall.
Having an accurate inventory of the operating systems and application software versions running on medical devices helps quickly identify which devices are affected by a given vulnerability. This will help to start the remediation or the implementation of compensating controls.
HTM should have a standard for assigning hostnames to medical devices so that each hostname readily identifies the facility, department and device. These hostnames should be registered with the network team. Hostnames are often what the Security Operation Center provides to the HTM team when it detects that a device is infected with malware. Oftentimes medical devices are shipped with default hostnames, and changing and registering new hostnames will require additional effort from the HTM and networking teams.
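The profile checks described above can be run automatically against a CMMS export. The following is an added example, not part of the original article; the field names, the `FACILITY-DEPT-DEVICEnn` hostname pattern and the sample records are assumptions made for illustration.

```python
import re
from datetime import date

# Fields the article lists for a device's cyber profile (column names are assumed).
REQUIRED = ("mac", "ip", "hostname", "connection", "os", "sw_version")
# Hypothetical naming standard: <facility>-<department>-<device type><number>
HOSTNAME_RE = re.compile(r"^[A-Z]{3}-[A-Z]{2,4}-[A-Z]{2,6}\d{2,3}$")
MAC_RE = re.compile(r"^([0-9A-F]{2}:){5}[0-9A-F]{2}$", re.I)
# Table the team maintains; these two entries are Microsoft's published dates.
OS_END_OF_SUPPORT = {"Windows 7": date(2020, 1, 14), "Windows 10": date(2025, 10, 14)}

def audit(device, today, warn_days=365):
    """Return a list of findings for one CMMS record (a dict of strings)."""
    findings = [f"missing {f}" for f in REQUIRED if not device.get(f, "").strip()]
    mac = device.get("mac", "")
    if mac and not MAC_RE.match(mac):
        findings.append("malformed MAC")
    host = device.get("hostname", "")
    if host and not HOSTNAME_RE.match(host):
        findings.append("hostname not in standard (default name?)")
    eos = OS_END_OF_SUPPORT.get(device.get("os", ""))
    if device.get("os") and eos is None:
        findings.append("OS not in end-of-support table")
    elif eos and eos <= today:
        findings.append("OS past end of support: replace or file security exception")
    elif eos and (eos - today).days <= warn_days:
        findings.append("OS near end of support: plan upgrade or replacement")
    return findings

# Constructed sample records, not real devices.
SAMPLE = [
    {"asset": "A1", "mac": "00:1A:2B:3C:4D:5E", "ip": "10.20.1.15", "hostname": "GEN-RAD-CT01",
     "connection": "wired", "os": "Windows 10", "sw_version": "4.2"},
    {"asset": "A2", "mac": "00:1A:2B:3C:4D:5F", "ip": "10.20.1.16", "hostname": "DESKTOP-7F3K2Q",
     "connection": "wired", "os": "Windows 7", "sw_version": "2.0"},
    {"asset": "A3", "mac": "", "ip": "10.20.2.8", "hostname": "GEN-ICU-PUMP12",
     "connection": "wifi", "os": "VendorRTOS", "sw_version": ""},
]

def report(devices, today):
    """Map each asset tag to its list of findings."""
    return {d["asset"]: audit(d, today) for d in devices}

if __name__ == "__main__":
    for asset, findings in report(SAMPLE, date(2025, 1, 1)).items():
        print(asset, findings or "ok")
```

An operating system missing from the end-of-support table is reported rather than passed silently, since embedded or vendor-specific systems are the ones most likely to lack a known support date.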
In conclusion, HTM will need to cyber profile any new medical device and make sure that this information is kept accurate in the CMMS system. This effort will save time and effort in the long run and will make preventing and addressing a cyber incident easier.
Inhel Rekik is Director of Health Technology Security at MedStar Health.