By Soundharya Nagasubramanian, Director, R&D, Product Information Security
18 NOV, 2021
Hillrom’s Director of Research and Development for Product Information Security shares her perspective on cybersecurity trends and explains why keeping security top-of-mind helps organizations protect their data now and in the future.
QUESTION: What are three things about medical devices and data security that hospitals and health systems may overlook when evaluating their equipment?
The first item that may be overlooked is that medical devices should be built with safety in mind — and security is an important part of safety. Second, ongoing vulnerability assessments are an important part of maintaining security. And finally, security is a shared responsibility. Hospitals, customers and medical device manufacturers all have a role to play in keeping products and data secure.
QUESTION: What would you tell a CIO who is concerned about the risks and vulnerabilities of putting devices on their network?
It’s a valid concern and requires investment from all stakeholders to mitigate any potential risks. Manufacturers like Hillrom have invested in AV vulnerability management and coordinated disclosure programs to continuously monitor for vulnerabilities, measure risk, provide updates and regularly communicate any concerns to customers. Working with manufacturers that have invested in these types of programs helps with risk mitigation.
QUESTION: How can CIOs future-proof when purchasing and connecting medical devices to their networks and their EMR? What kinds of things should they consider?
CIOs should be thinking about how they regularly and securely push updates to the devices on their network. These updates have to be timely and non-intrusive so hospital clinicians can receive updates without any interruption to their workflow. Hillrom’s SmartCare™ Remote Management tool is a prime example of how something like this can be achieved. Manufacturers that support a strong vulnerability management program with regular device updates for vulnerabilities make better partners when investing in devices.
QUESTION: Where do you see the future of connected devices in three to five years?
Connected devices will continue to grow in sophistication and mature in the next three to five years. Game-changing technology such as blockchain and AI will be used to make workflows easier and protect devices and endpoints. This is because connectivity is the basis for a lot of advances that we are seeing in the healthcare industry and there are nearly 35 zettabytes of healthcare data to manage.1
QUESTION: What is your perspective on the role of cybersecurity in Hillrom’s products?
Hillrom invests in building security into its products; security is extremely important from our perspective. We have product security teams that work with the software engineers so that security requirements, secure design and coding principles are used in the designs of our solutions. Security-focused testing is used to confirm those features.
QUESTION: What is your perspective on the growth of cloud-based architectures for medical device connectivity?
Cloud adoption is a growing trend for medical device connectivity as healthcare leaders find more value and less risk. Especially during the pandemic, it became imperative to find ways to scale connectivity and it has fostered Cloud adoption globally.
Privacy continues to be a concern and any medical devices that adopt the Cloud have to ensure they meet privacy regulations as well. Generally, Cloud adoption is based on Microsoft®, Amazon Web Services® or Google because security and privacy are well addressed in those solutions.
QUESTION: Why is your role important to Hillrom?
I lead product security, a critical function to ensure Hillrom's solutions are built with security in mind so patient and clinician data remains adequately protected. Hillrom's mission of Advancing Connected Care™ can only be achieved with the cybersecurity-first mindset of our products and organization.
"One of the most important ways we are Advancing Connected Care™ is investing in product and data security.”