Last week in Orlando, I attended the Defense Health Information Technology Symposium (DHITS) conference. This is one of the best attended, most cohesive trade shows I have been to in years. One of the eight break-out tracks was entirely devoted the challenges of securing defense health networks and the medical devices that connect to them. It was overdue proof that the Defense Health Agency (DHA) community is recognizing the importance of cybersecurity.
The seven cyber sessions were:
- Risk Management Framework
- Cybersecurity- Decisions, Habits and Hygiene
- Are You Cybersecurity Inspection Ready?
- Incident Response: Before, During and After the Hack- How
- MHS Medical Device Integration and Security: Details Matter
- RMF Requirements and Workflows for Medical Devices with the DOD
- Security for Connected Medical Devices
Clearly, the defense health community is paying a lot of attention to medical devices as a source of vulnerabilities. According to a DHA presentation at the conference, 80% of all successful cyber incidents can be traced back to poor medical device user practices, poor network and management practices, and poor implementation of network architecture.
Medical devices are easy to access on internal networks and device owners are not sure how to secure the devices or the networks.
Everyone tries to lock down the devices. There are thousands of devices in a large hospital. They can’t be 100% secure. They need networks that are digitally resilient, that find devices and non-compliant configurations. Only then can they mitigate the risk to defense health systems. Even though the Defense Health Agency is a new organization, it’s slowly taking over the IT responsibilities of various defense health organizations. As these networks are consolidated into a new network, Med-COI, there has been a tendency to focus on “getting the job done.” To avoid future issues, DHA needs to prioritize understanding what current risks they’re bringing into this new network.
The good news is that all the attendees I spoke with and who dropped by RedSeal’s booth agreed that these were challenges that needed to be addressed.
For more information on how RedSeal can assist with building digital resilience in the Defense Health community, please contact Matt Venditto at firstname.lastname@example.org