Tips on Tackling Medical Device Cybersecurity ChallengesSecurity Expert Evan Francen on Struggles Facing Healthcare Organizations
To ensure data integrity and patient safety, healthcare organizations must tackle a number of medical device security challenges, ranging from asset management to patching, says security expert Evan Francen.
"Some of the healthcare entities I've spoken to recently are not even sure where all their medical devices are," which makes it difficult to ensure all devices are actually protected, Francen says in an interview with Information Security Media Group.
Without patches from vendors, especially for older devices running legacy software, healthcare entities "often are not able to do anything to address the vulnerabilities found in these devices," he notes. On top of that, he adds, "many times you can't put anti-virus software on some of these systems."
Those issues force healthcare entities to consider other moves, including network isolation of devices, he notes. "But it's a never-ending struggle."
In the interview (see audio link below photo), Francen also discusses:
- Other top cybersecurity challenges facing healthcare entities;
- The rise of phishing and ransomware attacks;
- Promising security technologies and underutilized security controls.
Francen is CEO and co-founder of information security consulting firms FRSecure LLC and SecurityStudio, both based in Minnetonka, Minn. He has extensive experience working with governmental and industry-specific frameworks, regulations, standards and guidelines, including the National Institute of Standards and Technology's Cybersecurity Framework, HIPAA and the Federal Information Security Management Act. His previous leadership roles include director of information security at a pharmaceutical company.