Ushering in a New Era of Medical Device Security

Eddie Myers, HCISPP, CBET Director Cyber Security | HIPAA, Crothall Healthcare

Eddie Myers serves as the director of cybersecurity for Crothall’s Healthcare Technology Solutions division (HTS) and oversees national cybersecurity programs and initiatives for the HTS service line and its clients. Having worked in the healthcare sector for over 18 years, Myers has gained unique insights into healthcare information technologies, picture archiving and communication systems (PACS), and healthcare technology management. Myers and his team offer a variety of services, including project management, IT consulting, technical support, and security management services for clinical field operations.

Starting his career as a senior field service technician at CHRISTUS Health, Myers handled various responsibilities, including PACS administrator and program manager of clinical technology services, before joining Crothall Healthcare. During his tenure as a program manager at CREST services, he had the opportunity to learn more about HIPAA, which piqued his interest in cybersecurity.

In an interview with Healthcare Tech Outlook magazine, Myers sheds light on some of the challenges prevailing in the medical device security space and how companies can convert those challenges into unique opportunities. 

What are some of the challenges that medical device security organizations face today?

One of the most significant challenges that medical device security organizations face today is getting clients and IT departments on board with the idea that medical devices cannot be handled in the same manner as typical IT controls. Fixing targeted vulnerabilities in medical devices is a complex process. Organizations must engage with OEMs to find approved patches to fix security issues. 

Crothall Healthcare formed a strategic partnership with Asimily to overcome this challenge. The passive asset discovery tools developed by Asimily collect real-time insights into hospital traffic and build out unique device profiles for medical devices, providing insights into medical devices like never before. 

Asimily’s threat detection tools assess risks, prioritize actions, and develop mitigation strategies to reduce security vulnerabilities through state-of-the-art machine learning, artificial intelligence and deep packet analysis. These tools help accelerate the conventional method of using computers to identify the operating system and current patches and then reach out to OEMs for the manufacturer disclosure statement for medical device security forms (MDS2). 

Can you walk us through some of the latest projects you have been working on?

We continue to roll out our cybersecurity program, cyberHUB, through our strategic partnership with Asimily, to provide clients with real-time visibility into their networked devices, protecting the devices from cyberattacks, hacking attempts, and employee negligence/insider threats. We collect the data from Asimily and match it to the inventory within our computerized maintenance management system (CMMS) to identify the exact device that needs to be secured or has a potential threat. For instance, in a hospital that has multiple ultrasound devices, it is not easy to find out which device may be vulnerable. By performing a gap analysis with Asimily, we can pinpoint the device with an issue and integrate the device profile into our CMMS.

Is there a particular methodology you follow while ensuring medical device security?

Being an independent service organization, Crothall Healthcare does not own medical devices or the network. In the event of a cyberattack, we operate as per our client partners’ incident response plan. 

The first step to ensuring medical device security during cyberattacks is to take the device off the network and figure out what exactly happened. Often, government agencies show up when there is a cybersecurity attack and collect hard drives for forensic analysis. Organizations need to know how to handle such situations efficiently. The next step is to have the wherewithal to fix the equipment and eliminate any malware before deploying it back into the network for patient care. 

Crothall Healthcare, along with its partners, proactively follows numerous cybersecurity organizations and websites, such as CISA, that monitor device vulnerabilities. Our strategic partner, Asimily, keeps an eye on threat intelligence websites and adds the latest trends to their algorithm. This allows us to proactively warn our clients of any potential threats to their devices. We are constantly in the know of any potential cyber threats, allowing us to provide the best responses to our clients. 

What role do technologies like AI and IoT play in the future of medical devices?

Hospitals are leveraging technologies such as AI and IoT to make operations hassle-free. The increasing use of wireless devices is a clear indication of this trend. However, these wireless devices are not free from errors, and it is critical for hospitals to ensure that technologists and end users know how to use the device even if the wireless feature fails. It is ideal to always have a backup plan in place, especially if a scan is a life-or-death situation. 

What does the future hold for the medical device security industry?

The medical device security industry will gain more traction in the coming years. Medical devices that are rolled out without cybersecurity features built in are prone to vulnerabilities and leave medical device security organizations at the behest of OEMs. As a result, incorporating cybersecurity features into medical devices will be the next big step in this era of connected devices. Also, the rapid adoption of SBOMs (Software Bills of Materials) is enabling the healthcare industry to know the exact makeup of the software components in a medical device to help with purchasing and evaluating the most secure devices. By utilizing the SBOM, organizations can ensure a device is in its most secure state before being placed into service.

What would be your sage advice to your fellow peers in the medical device security space?

Medical device security will become a priority when we realize that our families are among the beneficiaries of these life-saving devices. This very thought can serve as a wake-up call to increase our efforts to stay ahead of the game and deliver secure medical devices.
