TRENDING:

Endpoint Security , Governance & Risk Management , Internet of Things Security

Why Securing Medical Devices Is So Challenging

Matt Russo of Medtronic and Ken Hoyme of Boston Scientific on Bolstering Cybersecurity Marianne Kolbasuk McGee (HealthInfoSec) • December 17, 2019     15 Minutes   
Why Securing Medical Devices Is So Challenging
Matt Russo of Medtronic (left) and Ken Hoyme of Boston Scientific

Improving the security of diverse medical devices is a major challenge for a variety of reasons, according to security leaders at two device manufacturers, who spell out the key issues.

"Securing an implantable device is a lot more difficult than securing an X-ray machine or something that sits in a hospital network its entire lifecycle," says Matt Russo, senior director of product security at Medtronic, in an interview with Information Security Media Group.

"It's not a one-size-fits approach - you really need to have a unique threat modeling and risk management approach to designing security mechanisms into products and making sure they stay updated and current throughout the entire lifecycle. It's really important to balance security and usability of those products as they're meant for clinical application."

Organizational Diversity

But it's not just the variety of medical devices that makes securing these products so challenging, says Ken Hoyme, director of product security of Boston Scientific, in this joint interview.

"The other aspect of diversity in our environment is the wide varying sizes of organizations - on the manufacturer and the healthcare system side," he says. "You have large hospital systems with very sophisticated cybersecurity capabilities, and then you have smaller community hospitals with maybe one or two people on their staffs" to address security.

"You have manufacturers with multiple staff focused on cybersecurity, and you have the small start-ups that are trying to get their product on the market."

Every stakeholder, regardless of size, plays a critical role in keeping these devices protected, the two device manufacturer executives stress.

In the interview (see audio link below photos), Russo and Hoyme discuss:

  • Challenges involving legacy medical devices;
  • Trends involving potential cyberattacks on medical devices;
  • Tips for healthcare sector entities to improve the cybersecurity of medical devices.

Russo and Hoyme are co-chairs of a medical device cybersecurity conference to be hosted by the University of Michigan's Archimedes Center for Medical Device Security Jan. 27-28 in New Orleans.

Russo, senior director of product security for Medtronic, is focused on the evolving device security landscape. He was previously a senior manager at the consulting firm Deloitte & Touche.

Hoyme, director of product security at Boston Scientific, has 35 years' experience in the design of regulated safety-critical secure systems. He is past co-chair of the Association for the Advancement of Medical Instrumentation's device security working group. Previously, he spent 18 years at Honeywell's corporate research lab, where he was a senior fellow.

Previous
Analysis: A Better Approach to Cyber Defense
Next
Gartner's Avivah Litan on the Rise of 'Fake Everything'



Around the Network

Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
Why Health Firms Struggle with Cybersecurity Frameworks
Why Health Firms Struggle with Cybersecurity Frameworks
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.