Upendra Priyanka
Biomed Instrum Technol. 2021 Nov 1;55(4):121-130. doi: 10.2345/0899-8205-55.4.121.
The number of cyberattacks and information system breaches in healthcare has grown exponentially, and these events have escalated from accidental incidents to targeted and malicious attacks. With medical devices representing a substantial repository of all the assets in a healthcare system, network security and monitoring are critical to ensuring cyber hygiene of these medical devices. Because of the unique challenges of connected medical devices, a passive network monitoring (PNM) solution is preferred for their overall cybersecurity management. This article is intended to provide guidance on selecting PNM solutions while reinforcing the importance of program assessment, project management, and use of leading practices that facilitate the selection and further implementation of PNM solutions for medical devices. The article provides a detailed introduction to connected medical devices and their role in effective care delivery, an overview of network security types and PNM, an overview of the National Institute of Standards and Technology Cybersecurity Framework and its application for program assessment, essentials of project management for PNM solution selection and implementation, key performance indicators for measuring a solution's ability to meet critical cybersecurity needs for medical devices, and lessons learned from the author's professional experience, selective literature review, and leading practices. Rather than describing a complete list of guidelines for selecting PNM solutions, the current work is intended to provide guidance based on the author's experience and leading practices compiled from successful medical device cybersecurity programs.