Medical and Internet of Things (IoT) device security in the health delivery setting has been a well-known blind spot for organizations that want to reduce risk and develop efficient approaches to managing these ubiquitous assets better. The proliferation of these devices has gone far beyond the confines of the campus, further adding to the difficulty of identifying and protecting them, the patients, and operations reliant upon them. Establishing the right technology (security scanning, visibility and management tools), framework to guide the program, expertise, and programmatic vision for a comprehensive medical and IoT device risk program was an idea that had to go beyond compliance, structural frameworks, and traditional cybersecurity controls. Instead, the effort requires a novel, yet repeatable solution able to be accomplished with a modest budget across various provider models.
