Medical Device Security Best Practices From Mayo Clinic

Kevin McDonald, director of clinical information security at Mayo Clinic, says ensuring the security of medical devices requires several specific steps, stressing that there’s no “silver bullet” that can do the job.”Because of the way that some of these devices are built so well, from a physical standpoint, you can use some of these machines for 10 or 20 years,” he says in an interview with Information Security Media Group. “We’re going to have to figure out how we can manage the software over that lifespan as well and make sure that that stays secure.”If that cannot be done, he says, “we’re going to have to figure out some way to be able to just box things off into a separate area where we’ve got them isolated, we’ve increased the monitoring of them and are able to use a lot of other compensating controls.”Everyone is looking for a silver bullet – an easy solution to device security, he acknowledges. “We have companies all the time calling us trying to sell us a whole box of silver bullets. But it’s going to take a combination of user education – so that people who use these devices on patients have a better cybersecurity awareness – and healthcare delivery organizations i