Medical Device Security Program
Our Medical Device Assessment and Program Development experts carry out planning, process and procedure development exercises that highlight the steps necessary to assess and secure your connected medical devices through appropriate safeguards.
Our Medical Device Security team will:
- Convene an interdepartmental governance group (IT, Biomed, Facilities/Physical Security, Nursing, CMO’s office, other Client functional areas as required).
- Form an interdepartmental group responsible for leading the planning, administrative management and implementation of your medical device security program.
- Review, revise or create policies and procedures to govern medical device security.
- Adapt NIST Cybersecurity or HITRUST CSF to create a Medical Device Security Risk Analysis framework.
- Apply the Probability and Impact Rating System (PAIRS) to identify criticality and prioritize current risks.
- Carry out Physical and Technical Testing.
- Perform a walkthrough of one or two physical areas to observe medical device utilization and the physical security environment.
- Perform a vulnerability scan of a small subset (1-5 devices) of medical devices in a “safe zone” VLAN. Document findings and remediation recommendations, including Common Vulnerability Scoring System (CVSS) ratings.
- Review medical device security management program incorporating learnings from technical security scan and physical security assessment.
- Provide recommendations for overall program redesign as well as policy and procedure revisions/enhancements to optimize for future expansion.