Selecting a Passive Network Monitoring Solution for Medical Device Cybersecurity Management.

The number of cyberattacks and information system breaches in healthcare have grown exponentially, as well as escalated from accidental incidents to targeted and malicious attacks. With medical devices representing a substantial repository of all the assets in a healthcare system, network security and monitoring are critical to ensuring cyber hygiene of these medical devices. Because of the unique challenges of connected medical devices, a passive network monitoring (PNM) solution is preferred for its overall cybersecurity management. This article is intended to provide guidance on selecting PNM solutions while reinforcing the importance of program assessment, project management, and use of leading practices that facilitate the selection and further implementation of PNM solutions for medical devices. The article provides a detailed introduction to connected medical devices and its role in effective care delivery, an overview of network security types and PNM, an overview of the National Institute of Standards and Technology Cybersecurity Framework and its application for program assessment, essentials of project management for PNM solution selection and implementation, key performance indicators for measuring a solution's ability to meet critical cybersecurity needs for medical devices, and lessons learned from the author's professional experience, selective literature review, and leading practices. Rather than describing a complete list of guidelines for selecting PNM solutions, the current work is intended to provide guidance based on the author's experience and leading practices compiled from successful medical device cybersecurity programs.

The Role of Healthcare Technology Management in Facilitating Medical Device Cybersecurity.

This article discusses the role of healthcare technology management (HTM) in medical device cybersecurity and outlines concepts that are applicable to HTM professionals at a healthcare delivery organization or at an integrated delivery network, regardless of size. It provides direction for HTM professionals who are unfamiliar with the security aspects of managing healthcare technologies but are familiar with standards from The Joint Commission (TJC). It provides a useful set of recommendations, including relevant references for incorporating good security practices into HTM practice. Recommendations for policies, procedures, and processes referencing TJC standards are easily applicable to HTM departments with limited resources and to those with no resource concerns. The authors outline processes from their organization as well as best practices learned through information sharing at AAMI, National Health Information Sharing and Analysis Center (NH-ISAC), and Medical Device Innovation, Safety, and Security Consortium (MDISS) conferences and workshops.