For too many healthcare technology management (HTM) professionals, navigating today’s cybersecurity landscape is akin to embarking on a trip abroad with no map and no compass – all the while trying to master a foreign language.
Two cybersecurity experts are addressing those obstacles in a new book from AAMI that seeks to establish a common language and understanding for cybersecurity in health care, as well as provide clear and practical guidance for securing medical devices.
The book, “Medical Device Cybersecurity: A Guide for HTM Professionals,” was edited by Stephen Grimes and Axel Wirth, both of whom are noted experts in the complicated and fast-changing world of healthcare technology cybersecurity. It features chapters by an array of experts with hands-on experience in putting cybersecurity concepts into action in health care facilities.
“The concept of medical device security remains relatively new to HTM professionals,” said Grimes, who is a managing partner and principal consultant for Strategic Health Care Technology Associates LLC, and a member of the BI&T Editorial Board. “Most HTM professionals have little or no training in cybersecurity and, as a consequence, are often neither familiar with cyber risks nor equipped to take appropriate measures to reduce those risks.”
Information technology (IT) experts in hospitals are limited in how they can help, Grimes added, because they typically don’t understand the “nuanced differences in how medical devices must be handled versus typical IT systems.”
This new book speaks to the unique dynamic of health care cybersecurity and the role that HTM professionals can – and should – play. It includes chapters on cybersecurity fundamentals, understanding the regulatory and standards environment, inventory and configuration management, and risk assessment and mitigation. It also includes examples of policies, purchase agreements and vendor contracts from the Mayo Clinic, Intermountain Healthcare and Scripps Health.
“We hope that the multi-author approach we took will provide insights on how several leading institutions have addressed the topic,” said Wirth, who is a distinguished technical architect at Symantec Corp., and a member of the BI&T Editorial Board. “There is no single path, and there is no one size fits all.”