Embracing diversity in people, ideas, and lifestyles adds to a person’s life and can provide new ideas and drive innovation. But diversity in medical devices adds complexities and costs, and increases the chances of errors. What can make each device a “special snowflake” are the hundreds of variations in device software, software updates, maintenance, server-side software, communications, security posture, age, etc.
These variations can lead to a classic combinatorial explosion problem, where mixing and matching variables in multiple combinations creates thousands of devices that are unique and require individualized support. This would be analogous to having the IT department purchase and manage hundreds of different brands of computers with different ages, operating systems, patch levels, vulnerabilities, and support and maintenance steps. Managing this kind of diversity is expensive, time-consuming, and technically challenging (if not impossible) — and it can impact the safety and security of the devices. This is all in addition to the strain and financial pressure our healthcare system is currently facing.
Healthcare facilities have a large number of legacy devices in use that are significant drivers of this diversity. Many medical devices have long life spans. Biomedical Advisory Group recommends 10 years for IV pumps and monitoring systems, so healthcare providers may have devices as old as 15 years still in use. In many cases, manufacturers developed these devices with no plans of doing upgrades, so you will see all flavors of Windows (including some of my favorites like Windows ME and Vista), as well as Unix and proprietary device software.
You will find a full spread of differences (and snowflakiness) in the following areas:
The outcome of mixing and matching these variables is that you end up with more special cases than “normal” devices. This amount of variation plays through the full lifecycle of a device, causing a proliferation of tools and methods, security solutions, and often, the need to “handcraft” solutions. There is no quick fix to this problem, and it will continue to grow as devices age.
There are several things healthcare providers can do to help mitigate this problem.
This is a long-term problem. Devices are purchased every day that will only add to the challenges, but we still need to start on the path to a solution to help minimize the risks.
As Tom Peters said, “Almost all quality improvements come via simplification of design, manufacturing … layout, processes, and procedures.”
Interested in learning more about healthcare cybersecurity? Read my blog post on the complexities of IoT medical devices to learn how your team can implement a medical device cybersecurity program.