Kevin McDonald has over 35 years of healthcare experience in various roles. He holds degrees in nursing, education and information systems. His work experience includes direct patient care, management, electronic medical record implementation, and information technology and security. Kevin's current role at Mayo Clinic is director of clinical information security in the Office of Information Security, with one of his primary responsibilities being the security of medical devices.
As more data from medical devices is fed into EHRs on a provider’s network, finding ways to secure and protect the devices from viruses and other cyber threats has become a vital part of any comprehensive security program.
But securing these devices is a tough nut to crack for a number of reasons. Many are not managed by the IT department; clinicians are often resistant to new security safeguards that may impact their workflow; medical device vendors are often unresponsive to requests for security upgrades to existing software; and some of the upgrades can be prohibitively expensive.
In this session, senior security officers at three major healthcare systems share with attendees their approach to securing medical devices.
Among other things, they’ll address:
- Practices for assessing and mitigating medical device risks
- Processes for approving requests for new medical devices
- Responding to infected devices
- Vendor management
- Educating clinicians and administrators to the security risks medical devices pose.