Equipment Management is the Key to Cybersecurity
It seems like every week there’s another ransomware attack that cripples a hospital’s daily functions and puts patient information at risk, so cybersecurity an increasingly important issue to be on hospital administrators’ minds. Even smaller health care practices are filled with scanners, monitors, and PCs that all connect to one network and share massive amounts of sensitive data.
How do you manage and account for every piece of equipment in order to protect your network? Start with answering the following questions:
What equipment is on your network? IT teams may not be as attentive to items that are used infrequently or out of service but still connected. An inventory of the medical equipment you have gives you a comprehensive picture of:
- What is connected to your network
- Where PHI is stored
- Where assets are physically located for maintenance
Which equipment is most vulnerable? Although newer equipment is more interconnected, outdated equipment may have fewer cybersecurity protections and therefore be easier to hack, allowing access to the rest of your network. The inventory should include:
- Date of installation or manufacture (if applicable)
- Software versions
- Operating systems for anything with a PC
- Condition assessment
This determines the age and usability of your equipment so you know whether they can be updated or should be considered for removal.
- Determine how software for PHI is upkept on each item (through the vendor, IT, biomed, etc.)
- Use those routes to find and implement all possible updates
- Regularly schedule checks for future system updates