New playbook has in-depth tips for medical device cyber incident response

A security leader at Mount Sinai South Nassau offers healthcare CISOs and CIOs guidance for dealing with breaches – and being well prepared for them.

The playbook details medical device incident-response best practices according to the various levels of clinical impact that could be incurred if a device is removed from the patient and/or network. The guidance created seeks not only to lay out a representative process that organizations can use as a starting point to develop their own medical device incident response plans, but tries to lay out the minimum resources that hospitals will require in order to successfully carry out an effective medical device incident response. For example, if a threat is found on our network that impacts an infusion pump via a vulnerability in a particular version of a software component used by that pump, a common incident response process would likely include putting additional protections around other vulnerable devices or checking other vulnerable devices for signs of compromise. Q. You have said that medical device incident response is not a one-size-fits-all process and different incident response processes for different medical devices pose different patient-safety issues. The guidance considers the patient safety and clinical-workflow impacts of disconnecting the device from the network – and the impacts of disconnecting the device from the patient – and uses that as the basis of a tiered approach to medical device incident response.