Risk Assessment is the core requirement for achieving HIPAA Security compliance. The assessment aims to identify and mitigate sources of ePHI data loss in your network. While PCs, laptops, servers, PDAs, network printers and other network devices may be obvious points of failure, you should also include medical devices in your assessment.
Medical devices can be either wireless or wired. They can be broken down into four general categories: consumer health monitoring, wearable, embedded and stationary devices. These devices all house ePHI in some form and are increasingly coming under attack by thieves interested in stealing patient data. This type of attack is called Medical Device Hijacking or Med Jacking.
Security isn’t necessarily built into all medical devices. While this is changing with newer products, legacy systems are vulnerable. So what can you do today to mitigate risk?
- Make sure your devices are up to date with software and hardware fixes from the manufacturer. This practice is similar to keeping your servers patched.
- Replace old, non-updatable, insecure devices. Your refresh plan should be expedited for this older, less secure equipment.
Orion Group Managed Services offers Security Management consulting support and assists our customers in its design and implementation. Contact us today!