Gartner Blog Network

Healthcare Medical Devices: Security or Your Life?

by Jack Santos  |  April 5, 2011  |  Comments Off on Healthcare Medical Devices: Security or Your Life?

I met Jing Wang from Kaiser Permanente (KP) yesterday.  She works in Information Security at  KP. She is a women on a mission.

Some biomedical devices being installed in hospitals and doctors offices may be inherently insecure – sometimes held to a  lower standard of virus protection and intrusion prevention.  Why?  speed to market, security by obscurity, lack of awareness of IT best practices.

Jing’s mission is to rally buyers to hold vendors accountable. How?

– Have customers share information of breaches and device failures.  There is  a serious lack of this being done today, and vendor replies to an incident are usually “wow – that’s the first time we have heard of this happening”.  It’s time for independent reporting and tracking of medical device breaches.

– Collaborate on holding vendors accountable to fix software vulnerabilities and improving security design.  This can only be down when customers are clear on their expectations, and use their buying power to make it happen.

That’s Jing’s mission.  She speaks to providers, hospitals, and doctors about the need, and the plan.

At Gartner we call this border between IT and biomedical/clinical devices the  boundary between Information Technology (IT) and Operational Technology (OT).  In many industries we’re finding we can’t ignore that IT/OT dichotomy anymore – and OT (increasingly using IT-based devices and software).  Stuxnet was the poster child – a breach of industrial control equipment by yet to be determined (and probably government supported) hackers.  At one of the facilities I was a CIO at, our PACS (imaging) system was compromised when the vendor upgrade software was virus infected.  Luckily the radiologist PACS support person caught it.

IT/OT has always been an issue in healthcare.  It’s great to see people like Jing (and KP) take a lead in addressing the security of clinical devices that plug into our all-encompassing IT infrastructure.

Additional Resources

View Free, Relevant Gartner Research

Gartner's research helps you cut through the complexity and deliver the knowledge you need to make the right decisions quickly, and with confidence.

Read Free Gartner Research

Category: it-governance  management  managment  operational-technology  security  vendor-contracts  

Tags: healthcare  management  privacy  security  vendor  

Jack Santos
Research VP
7 years at Gartner
40 years IT industry

Jack Santos is a Research Vice President with Gartner, part of the Enterprise Architecture and Technology Innovation team within the Gartner for IT Leaders product. He focuses on enterprise architecture and technology trends. Mr. Santos' specific area of research covers individual development, leadership and management practices for enterprise architects, EA innovation, and collaboration approaches. Read Full Bio

Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.