Federal regulations lay the groundwork for cybersecurity initiatives across both the private and public sectors.
In the financial industry, for instance, the U.S. Securities and Exchange Commission holds firms accountable to guidelines based on the National Institute of Standards and Technology framework. Cloud providers that wish to work with the federal government go through FedRAMP compliance efforts to bring themselves up to standards.
The list goes on.
In healthcare, federal cybersecurity regulations such as the Health Insurance Portability and Accountability Act and HITECH play an important role. However, a particularly vulnerable area of healthcare tech – medical devices – remains loosely regulated by federal agencies. As such, several companies (with the government’s blessing) have taken matters into their own hands. A collection of device manufacturers and hospital systems have authored a “joint security plan” to try to manage some of the security gaps that remain open for medical devices.
This plan, published by the Healthcare and Public Health Sector Coordinating Council, represents an important step forward, indicating that both device makers and treatment facilities are engaged in solving problems rather than pointing fingers. Both sides are showing their dedication to collaborative management of device security.
While the joint security plan is a positive step, realistically it is unlikely to solve all of the security woes of medical devices.
To overcome these challenges, organizations must address four significant obstacles within their security plans:
- Hackers have made healthcare companies a target due to the lack of security and high value of personal health information. This means higher innovation risk, putting a greater onus on device makers to keep up with new hacking methods.
- Some devices are built to last for more than a decade, meaning their security features run the risk of becoming obsolete.
- HIPAA regulations limit third-party data access – this makes it difficult for device manufacturers to supply update patches to hospitals.
- Hospitals are under-equipped to patch their own devices. Most don’t even have room within their budgets for a fully staffed in-house security operation.
For both device makers and hospitals, help is available in the form of third-party cybersecurity specialists. Partners for managed security and products for patch management can help hospitals keep their devices up to date without additional internal resources. And secure development consultants can help device makers build security into their processes.
Whatever the security need, Lunarline can help device developers and hospitals alike maintain top security standards. For information about the services we provide, contact us today.