I just finished presenting at HIMSS19 Cybersecurity Command Center. As much as I hope attendees enjoyed an informative session, I personally enjoyed how much insight I took away from the audience. I wanted to take a few minutes now and share the insight I was able to gather during today’s presentation.
Sharing the stage with my co-presenter, Mt. San Rafael Hospital CIO, Michael Archuleta, the topic of our presentation this morning was Biggest Misconceptions of Device Security and Visibility. The first misconception focused on which departments were ultimately responsible for medical device management. I was pleasantly surprised by the response from the audience. Rather than retreating to traditional roles and responsibilities, the audience felt that all departments had a role to play. This is a significant difference from events a few months ago when such questions usually resulted in debate across IT and clinical teams. The industry and the healthcare professionals have come a long way.
Another misconception focused on the effective use of connected medical devices. When reviewing the details of our findings, the audience shared their view of how much a typical IV pump is utilized compared to its full capacity. 20% to 50% seem to be the common response. It was unfortunate but I had to share that less than 20% of a typical IV pump capacity is utilized. More than 80% of capacities are otherwise wasted as organizations purchase new IV pumps. I’m convinced that we need to continue to work with healthcare organizations to educate the industry on the use of modern tools so they can make intelligent decisions on device utilization and purchases.
Although Michael and I covered several misconceptions, I’ll leave you with just one more; Tools like NAC (by itself) can adequately segment medical devices. This is not a simple misconception and the responses from the audience varied. Yes, NAC can be effective in many situations but only when complemented by IoT-specific analytics and management tools. The unfortunate reality is that organizations cannot intelligently segment medical devices manually. A recent study shows that less than 25% of devices in medical virtual networks are indeed medical devices. This is the reason why I have focused so much effort on integrating with vendors such as Cisco and VMware to bring a comprehensive solution to market.
As I mentioned at the start of this blog, I am so grateful to gain so much insight from the healthcare providers during my presentation. I’ll share some additional insights from HIMSS19 shortly.