Conquering Healthcare's Endpoint Protection ChallengesCynergisTek's Mac McMillan Sizes Up What Needs to Be Done
The healthcare sector is slowly making progress, yet still has a long way to go in ensuring that all endpoint devices are being effectively protected, says security expert Mac McMillan.
"One of the issues we have in healthcare is trying to get a handle on all the endpoints," McMillan, CEO of the security consulting firm CynergisTek, says in an interview with Information Security Media Group at the recent HIMSS18 conference in Las Vegas.
"The good thing is that we're starting to see some products out there to help us identify those endpoints. ... Some have the ability to look back at the configurations on those devices, or the known vulnerabilities associated with those devices and [provide] some level of risk determination with respect to them."
But most healthcare organizations don't yet know how many endpoints they have, much less the security issues that they pose, he says.
Some organizations are placing certain devices on separate VLANs "so that if something happens to one of those endpoints it won't hurt the rest of the network," he says. "We're still basically trying to isolate them from the network as opposed to recognizing that they're just part of the ecosystem that we need to do a better job managing."
In the interview (see audio link below photo), McMillan also discusses:
- More advanced endpoint security technologies that some healthcare entities are beginning to deploy;
- Special endpoint security challenges in healthcare, including those involving biomedical devices;
- Using endpoint security products for more proactive cyber threat hunting and detection.
McMillan is co-founder and CEO of CynergisTek Inc., an Austin, Texas-based firm specializing in information security and regulatory compliance in healthcare, financial services and other industries. He has more than 30 years of security and risk management experience, including 20 years at the Department of Defense, most recently at the Defense Threat Reduction Agency. He is also former chair of the Healthcare Information and Management Systems Society's privacy and security task force.