Industry Leaders Look to ‘Future-Proof’ Medical Devices

Posted October 3, 2017

Leaders from medical device manufacturers and healthcare delivery organizations, as well as security professionals working in the healthcare industry, are looking for ways to effectively address emerging cybersecurity threats—before they are fully understood or even apparent.

This will be the focus of the upcoming Future-Proofing Medical Device Security conference, which is being hosted in conjunction with the annual Cyber Security Summit. The half-day conference will take place on Oct. 23.

For Ken Hoyme, co-chair of AAMI’s Device Security Working Group, “future-proofing” means designing medical devices with security in mind.

“Medical devices are in use for 10 years or more, and it is difficult to anticipate the threat environment toward the end of use of the device,” Hoyme said. “’Future-proofing’ means designing security in at the front in a way that you can upgrade and modify it if the nature of the threats changes in the future.”

Hoyme, who is director of product and engineering systems security at Boston Scientific, will present during two conference sessions: a “threat briefing” and a panel discussion on standards and other resources.

“I hope to highlight that device security is far more than data privacy (e.g., HIPAA),” Hoyme said. “Medical devices are used in the diagnosis and treatment of disease, and as such, integrity and availability are important properties to manage.”

Hoyme plans to discuss several relevant standards and resources, including AAMI’s technical information report, TIR57, and the 80001 family of standards on networked medical device risk management.

“Interoperable medical devices and decision support systems have many benefits for patients; however, without standards in the security space, these benefits might come with an unacceptable level of risk,” Hoyme said. “Standards provide a guide for organizations that may not be experts in security technology to be able to build it into their devices.”

AAMI members interested in attending the Future-Proofing Medical Device Security conference or the Cyber Security Summit can receive a 10% discount on registration by using the code AAMI10.