Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Analysis, Inspection and Laboratory
LeftNav
Assisted/Independent Living
LeftNav
Clinical and Nursing Equipment
LeftNav
Design and Manufacture of Medical Equipment
LeftNav
Diagnostics Equipment, Monitoring and Test
LeftNav
Education, Training and Professional Services
LeftNav
Health Education and Patient Management
LeftNav
Health Estates Management
LeftNav
Healthcare Support and Information Services
LeftNav
Hygiene and Infection Control
LeftNav
IT and Communications in Healthcare
LeftNav
Materials
LeftNav
Medical Device Technology
LeftNav
Research and Development
LeftNav
Safety and Security
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Health Zone
Pro Security Zone
Web Lec
Pro Engineering Zone
 
 
Editor's Blog and Industry Comments

The dilemma of patching medical device software

10 August, 2015
ForeScout Technologies explains the predicament faced by Healthcare IT staff in patching downlevel software to maintain security compliance without breaching regulatory requirements.


Network security company, ForeScout Technologies, has released a white paper called "Securing your medical devices and healthcare networks"  aimed at IT professionals in the healthcare industry on dealing with the requirements to keep software levels up to date on IT equipment whilst continuing to meet strict regulatory requirements on the change process for clinical devices.



It could be said that the healthcare industry is already no stranger to the Internet of Things (IoT) since it's already well-established in the industry that clinical devices are becoming more connected and are being integrated with back office IT systems to enable improved collaboration of patient information.



However, such highly integrated networks come at a cost associated with the risk of such equipment becoming compromised with malware. Such an attack could interfere with the base function of the equipment or could result in privacy breaches relating to patient information.



One of the many methods of keeping connected devices secure is to ensure that the software they run is regularly "patched", meaning the software is updated with new releases and bulletins issued by the manufacturer. These updates often fix security vulnerabilities which is why they're important to install.



However, as mentioned in the new 12-page report from ForeScout Technologies, this can result in a dilemma for the IT engineer, who has to balance security policies with regulatory requirements, which may state that changes to software could invalidate the certification for the use of the equipment for healthcare purposes.



Knowledge is power



Part of the solution to this dilemma is having insight into what devices are connected to the network and what their security position is. By identifying which clinical engineering devices are attached to the network and pinpointing unpatched or unsupported software, ForeScout's CounterACT product provides the necessary knowledge to engineers to enable them to make decisions.



We spoke to Jan Hof, the International Marketing Director at ForeScout Technologies, who told us, “As cyber threats continue to evolve, healthcare organisations have to rethink how to ensure they achieve security, privacy and compliance, while not impacting patient care services”.



“Healthcare organisations face additional IT complexities because not only do they need to serve a broad user community of employees, contractors, visiting doctors, caregivers and visitors – all with different computing needs and restrictions – but they also have many different types of equipment on their network, some of which use very specific software and operating systems, such as heart monitors and respiratory machines. With ForeScout CounterACT we can provide visibility into what devices are on the network, including laptops, desktops, mobile devices, as well as specific clinical engineering devices. In addition we can verify their security posture and, based upon policy, take actions to remediate non-compliant devices, or make admission decisions to maintain security and compliance, in line with specific healthcare regulations,” Hof continued.



Download the "Securing your medical devices and healthcare networks" white paper.





Jonathan Newell is a broadcast and technical journalist specialising in security systems and transport safety. He contributes to a range of titles in the technical press. He shares his time between the UK and Kazakhstan



 


Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProHealthServiceZone.com
Netgains Logo