Jack Santos

A member of the Gartner Blog Network

Jack Santos
Research VP
3 years at Gartner
30 years IT industry

Jack Santos provides an executive perspective to the Burton IT1 product line within Gartner. Besides suggestions to the detailed content that takes into account senior IT and business management concerns, his role is to also position the Burton recommendations in a way… Read Full Bio

Coverage Areas:

Healthcare Medical Devices: Security or Your Life?

by Jack Santos  |  April 5, 2011  |  Comments Off

I met Jing Wang from Kaiser Permanente (KP) yesterday.  She works in Information Security at  KP. She is a women on a mission.

Some biomedical devices being installed in hospitals and doctors offices may be inherently insecure – sometimes held to a  lower standard of virus protection and intrusion prevention.  Why?  speed to market, security by obscurity, lack of awareness of IT best practices.

Jing’s mission is to rally buyers to hold vendors accountable. How?

- Have customers share information of breaches and device failures.  There is  a serious lack of this being done today, and vendor replies to an incident are usually “wow – that’s the first time we have heard of this happening”.  It’s time for independent reporting and tracking of medical device breaches.

- Collaborate on holding vendors accountable to fix software vulnerabilities and improving security design.  This can only be down when customers are clear on their expectations, and use their buying power to make it happen.

That’s Jing’s mission.  She speaks to providers, hospitals, and doctors about the need, and the plan.

At Gartner we call this border between IT and biomedical/clinical devices the  boundary between Information Technology (IT) and Operational Technology (OT).  In many industries we’re finding we can’t ignore that IT/OT dichotomy anymore – and OT (increasingly using IT-based devices and software).  Stuxnet was the poster child – a breach of industrial control equipment by yet to be determined (and probably government supported) hackers.  At one of the facilities I was a CIO at, our PACS (imaging) system was compromised when the vendor upgrade software was virus infected.  Luckily the radiologist PACS support person caught it.

IT/OT has always been an issue in healthcare.  It’s great to see people like Jing (and KP) take a lead in addressing the security of clinical devices that plug into our all-encompassing IT infrastructure.

Comments Off

Category: IT Governance management Managment Operational Technology security Vendor Contracts     Tags: , , , ,