AAMI News April 2019

AAMI Exchange to Spotlight Cybersecurity Challenges, Solutions

Although medical devices are among the most critical assets in a clinical network, they also are among the weakest links when it comes to cybersecurity. During the AAMI Exchange, AAMI’s growing and revamped Annual Conference & Expo, attendees will have the opportunity to learn from cybersecurity experts about the risk status, threats, and vulnerabilities of networked medical devices in addition to effective methods for analyzing their systems and protecting their organizations—and patients.

AAMI ExchangeThe cybersecurity track, which is sponsored by Symantec, will be presented alongside other thematic groupings devoted to topics such as healthcare technology management and the global community.

Planned sessions during the event, which will be held June 7–10 in Cleveland, OH, include:

Cybersecurity for HTM Professionals: Overview of Resources and Leading Practices

This presentation will offer practical steps for addressing the unique challenges of medical device cybersecurity and describe the role that healthcare technology management (HTM) professionals can—and should—play in helping overcome those challenges. It will include a review of cybersecurity fundamentals, inventory and configuration management, risk assessment and mitigation, and incident response, as well as provide insights into the regulatory and standards environment.

Connected Medical Devices: Mitigating Security Risks

The WannaCry ransomware attack affected hospitals around the world and, for many, brought the realization that any device connected on the network is at risk. The international standard ISO/IEC 80001 presents a unified approach to the safety of medical devices connected to information technology (IT) networks. This session will review industry-leading practices for securing and supporting connected medical devices on hospital networks based on this standard.

Understanding Cyber Risk and the Mindset of Compliance Assessors

Medical device and health technology companies struggle to deliver and maintain secure, compliant products and services, while healthcare providers risk compromising patient privacy and safety due to unknown vulnerabilities in their IT and medical device infrastructure. This session will help attendees understand how the risk analysis and compliance assessment process works. By understanding the risk analysis process and the threats and vulnerabilities that need to be identified and mitigated, device manufacturers and health technology companies can become integral parts of the solution.

Creating a Consolidated Enterprise Risk Analysis of Networked Medical Systems

Risk analysis in the Department of Veterans Affairs historically has been an individual assessment—a process that is repetitive, inefficient, and doesn’t allow for objective enterprise review of risk. The team of presenters for this session recognized two opportunities to improve the process of analyzing risk for networked medical equipment. One was for biomedical engineering to cooperate with enterprise information security and IT during risk analysis reviews. Second, the team recognized that risk is an intrinsic property of the equipment make and model. These process improvements were pivotal in driving improved workflow and risk mitigation strategies across 23 healthcare systems.

Securing Healthcare Networks: Mitigating Risk for Medical Imaging Devices

This presentation will demonstrate how picture archiving and communications systems (PACSs) can be secured in healthcare delivery organizations. Securing PACs can limit exposure to a threat vector that could act as a point where an attack could occur or serve as a pivot point into an integrated healthcare information system. The solutions presented during this session will apply to a range of connected medical devices.

Automating Medical Device Cybersecurity Risk Assessments and Remediations

A medical device cybersecurity breach becomes more costly the longer it takes to identify and remediate. Automating the collection of medical device network information and Manufacturer Disclosure Statement for Medical Device Security data eases the burden on HTM staff and continually maintains and validates the inventory of all connected devices. Real-world examples and results from one healthcare system will be provided.

To register, visit www.aami.org/AAMIExchange.