3 steps to better asset management in healthcare

In part one of this series, we identified the many challenges to proper asset management in healthcare. In part two, we cover solutions to help hospitals and healthcare systems improve asset management and medical device security.

With the proliferation of IoT and connected OT devices in hospitals, asset management – the process of creating an inventory of the devices connected to a network – is increasingly difficult. Yet, it is a crucial component of healthcare cybersecurity. In fact, asset management ranks as a top priority for cybersecurity preparedness by the National Institute of Standards & Technology (NIST), Center for Internet Security (CIS), and the European Banking Authority.

Further, the Covid-19 pandemic has stretched hospital resources thin, with the influx in patients, staffing shortages, and shrinking budgets. It has also introduced new security challenges, with ransomware attempts on hospitals increasing 123% last year, impacting revenue, healthcare practitioners’ ability to provide care, and patient outcomes, as evidenced by the 2019 attack on Alabama-based Springhill Medical Center resulting in the first potential ransomware-related death. Visibility into hospital networks and the devices connected to them has become life or death – after all, you can’t secure what you don’t know is there.

However, despite its importance, many hospitals still don’t have the IT or security resources needed to accurately track device inventory. New processes, policies, and tools are needed to ensure an accurate and holistic inventory so that hospital networks and devices can be secured. It is worth noting, however, that asset management is just one component of improving security for healthcare systems, and additional steps and tools are needed to improve the overall security posture of our critical healthcare infrastructure.

Challenges to asset management in healthcare

Cybersecurity Ventures estimates that the healthcare industry in total will spend only $125 billion annually on cybersecurity by 2025, while the financial services industry spends an average of 10% of revenue or $2,300 per employee on cybersecurity per year, with Bank of America’s costs reaching…