Equipment Management is the Key to Cybersecurity
It seems like every week there’s another ransomware attack that cripples a hospital’s daily functions and puts patient information at risk, so cybersecurity an increasingly important issue to be on hospital administrators’ minds. Even smaller health care practices are filled with scanners, monitors, and PCs that all connect to one network and share massive amounts of sensitive data.
How do you manage and account for every piece of equipment in order to protect your network? Start with answering the following questions:
What equipment is on your network? IT teams may not be as attentive to items that are used infrequently or out of service but still connected. An inventory of the medical equipment you have gives you a comprehensive picture of:
- What is connected to your network
- Where PHI is stored
- Where assets are physically located for maintenance
Which equipment is most vulnerable? Although newer equipment is more interconnected, outdated equipment may have fewer cybersecurity protections and therefore be easier to hack, allowing access to the rest of your network. The inventory should include:
- Date of installation or manufacture (if applicable)
- Software versions
- Operating systems for anything with a PC
- Condition assessment
This determines the age and usability of your equipment so you know whether they can be updated or should be considered for removal.
What is the plan to maintain equipment cybersecurity? Once you know what equipment you have on your network and what condition they’re in, plans can be made for ongoing preventive maintenance:
- Determine how software for PHI is upkept on each item (through the vendor, IT, biomed, etc.)
- Use those routes to find and implement all possible updates
- Regularly schedule checks for future system updates
If the equipment is no longer supported by the OEM or hasn’t had a new software version/OS in years, it may be time to replace it.
You’re only as strong as your weakest link, and with everything from pacemakers to fixed imaging systems connected to one network, it can be easy to overlook items that store patient data and leave weak spots in network security.
Adding these points to your facility management strategy ensures the control is back in your hands and maximizes protection against future cyberattacks.
MRG Appraisal of the Month:
Haag Streit BM900 Slit Lamp
Halloween Fun Fact:
Ohio has the most haunted places of any state, topping in at 111 sites. It’s not all historic houses and asylums though. Hauntings have been reported at Heather Hills Hospital in Chardon, Southwest General Hospital in Middleburg Heights, and Nationwide Children’s Hospital in Columbus.
Your assets could be costing you more than they’re worth. Unaccounted equipment increases costs associated with preventative maintenance, storage, and insurance.
If it’s been more than 3 years, it may be time to update your ledger.
Many surgery centers don’t have an active ledger to work off of, but who has the time to go through every piece of equipment they own?
Manage Resource Group’s I&A services help with:
Did you know that past audits reveal only a 15%-20% match rate when reconciling against old ledgers?
- Verify the assets located on the property
- Easily track equipment and maintenance throughout its lifecycle
- Add, amend, or delete line items as they come in/out of service to contain facility costs
Do you know what equipment should be replaced? What about which systems present a cybersecurity risk?
- Capture demographics such as condition, age, software, etc.
- Identify the systems on your network that may be weak spots for ransomware attacks
- Determine which items should be upgraded or are no longer needed based on condition assessments
Are you paying too much insurance on your assets? Or not enough should potential litigation arise?
- Appraise assets to better understand insurance requirements for the property
- Make sure you’re covered for what you have installed and in-use
We Inventory and Assess All Assets
– Medical Equipment
– IT Equipment
MRG handles your I&A needs to keep you informed and empowered! To learn more, contact our equipment specialists at (888) 557-4797 or email@example.com.