This week we were lucky enough to hear from Jay Radcliffe, senior security researcher at Rapid7, in the webcast, "Healthcare Insomnia: Get the Prescription to Secure Unique Devices, People, and Organizations". Healthcare environments are complex - they're combining devices and data that have been around for 20+ years with the newest technology in town. It's a constant balance between the desire to provide the latest and greatest in patient care, budget concerns, security and regulatory concerns, and more. Read on to learn the top 3 takeaways from Jay Radcliffe's talk on what makes medical environments especially difficult to secure:
1. Small mistakes can have major (deadly!) consequences – Security in the healthcare industry is unique because a failure in their systems and networks can come at a high price by directly impacting a patient's health. It's an inconvenience to have your credit card data compromised; it's life-altering and potentially life-ending to have your medical device compromised.
2. Excellent patient care & security of devices are directly related – Security professionals need to raise security awareness among medical professionals. Medical professionals want to provide the best patient care possible, and will try to bring in new technologies to accomplish this. However, they will often do this without understanding how wireless & other capabilities of a device can put a patient at risk if not secured properly. It's up to security professionals to educate those around them on the implications of vulnerabilities in medical devices. The more security conscious everyone else is, the easier IT & security's jobs will be.
3. IT should be involved early and often – Any time medical professionals are trying to bring in new technology, the best way forward is the one that includes IT from the get go so they can ensure the new device will work within the current network, and won't impact organizational or patient security. While forcing assessments of a large medical facility or new medical device is costly - when you are looking to spend millions on something you'll be using for 10+ years, it's absolutely worth spending the money up front to make sure an environment or product is secure.
For more insights on how security professionals in the healthcare industry can identify what's occurring on their networks, protect patients/vital resources/facilities, balance security needs with expectations from medical professionals and executives, and ensure medical devices are secure and will pass FDA & FTC regulations, view the on-demand webcast now.