Medical Device Security
Medical devices are becoming increasingly smarter and more interconnected. Due to the advancements of these devices in the areas of functionality, paired with a neglect for security, healthcare organizations and their patients are at greater risk. Networked medical devices can be a gateway to a healthcare organization’s domain, opening the door to a trove of protected health information. Although some guidance has been released in the form of security frameworks and recommendations by the FDA, HIMSS, the VA, and ISO, the industry has yet to see standardization among them.
Meditology has worked with healthcare providers across the country to assess and develop medical device security programs. Our organization is uniquely qualified and capable of developing medical device programs and strategies that align with industry leading practices and existing security programs.
Our Approach includes:
- Gathering the required information to successfully document a medical device security risk management program that aligns with one or more of the recommended industry frameworks and regulatory requirements (e.g. FDA standards, Medical Device Innovation, Safety and Security Consortium (MDISS), ISO 80001, HIMSS Manufacturer Disclosure Statement for Medical Device Security (MDS2), and the VA Medical Device Protection Program (MDPP).
- Developing and documenting a formal medical device security strategic plan to ensure that vendor and medical device inventories are maintained accurately and completely.
- Presenting a formal Medical Device Security Risk Management Program Plan that details processes and procedures required to operationalize the program, including medical device isolation, network architecture, and segmentation.