CISA’s ICS Medical Advisory (ICSMA-21-084-01) on the Philips Gemini PET/CT Family notes that sensitive patient information is stored in removable media without access control, presenting cybersecurity vulnerabilities. In response, an expert offers perspective on medical device cybersecurity.
<p>Removable storage without proper access control is yet another example of the increasing number of vulnerabilities found in medical devices. These vulnerabilities highlight the need to rethink how we secure medical devices using zero trust principles. Healthcare Delivery Organizations rely on OEMs and 3rd party integrators to manage, patch, update, monitor and troubleshoot these medical devices inside of their networks – but they don\’t trust them. Security through endpoint micro-segmentation gives network owners the ability to isolate and manage medical devices without establishing implicit trust or configuring the network to allow external access. Granular control and visibility of sprawling medical device inventories will help HDOs move toward a more preventative approach to securing their networks.</p>