How to make the case for medical device security

Medical device security is a growing concern in healthcare IT. Issues include limited visibility into devices on the network and ownership disputes between clinical engineering, IT, and security. Acquiring security tools can make things worse if not properly administered or managed. David Finn recommends a holistic approach, prioritizing risks and implementing solutions over time. Critical risk categories include clinical, organizational, regulatory, and financial risks. The goal is to become resilient rather than risk-free. Hospitals should also prepare and rehearse for cybersecurity events. David Finn will discuss best practices at HIMSS21.