When a contract or vendor relationship is considered, healthcare delivery organizations (HDOs) have an obligation to consider the security steps involved in securely designing, developing and maintaining connected medical devices marketed. Additional considerations also include the types of information processed or exchanged as part of the service or activity the vendor is providing. Security-by-design practices and vendor/third-party assessments are often times not incomplete or inconsistently performed, resulting in connected medical devices on the market today to have significant cybersecurity vulnerabilities. Outcomes of the session include exploring an industry leading healthcare provider procurement process, including the performance of vendor level and device level assessments. By the end of the session, the audience should understand the steps involved in assessing the vendor (e.g., strategy, execution) and assessing the design and implementation features built into a device.
Analyze the connected medical device cybersecurity landscape and trends
Discuss the lack of security practices built into connected medical device procurement
Discuss the steps involved in procuring a connected medical device
Define an approach to reduce risk to patient safety and information security