Virima V6.0 will soon be available with an all-new look, enhanced discovery, mapping and vulnerability features and more. Stay tuned!

Medical Device Management: Challenges and Opportunities

Configuration Management IT Medical Devices

Connected medical devices represent one of the largest and fastest-growing segments of the Internet of Things (IoT). Connected devices from heart monitors to fitness trackers are helping healthcare providers to improve services and patients to be more proactive and informed about their health.

But such devices present significant challenges to managers of healthcare IT. Many have limited or no built-in passwords or other cyber security features.

Many IT management tools offer only limited or challenging support for IoT device management. IT leaders and their teams face a growing number of alternatives when considering medical device management solutions, each with a unique set of features, strengths, and weaknesses.

Connected Medical Devices: The Current Reality

Green Hills Software is a leading provider of so-called “embedded systems.” These are the operating systems and development tools that run and support connected devices that are not fully-fledged computers, including medical devices.

In late 2018, the company contacted about three dozen physicians, executives and other organizations that support, or work on behalf of, healthcare providers. Those respondents were asked multiple questions about cyber security.

  • A solid 95% of the interviewees were aware that unsecured medical devices on healthcare networks can be used as beachheads to infiltrate the organization’s network and servers, allowing a cybercriminal to install malware or steal Electronic Health Records (EHR).
  • Almost all IT executives and physicians interviewed were investing substantially in protecting their internal networks. However, only larger healthcare providers had the resources and the staff to institute official policies and procedures to ensure that procured medical devices are manufactured using industry best practices for safe coding and cybersecurity.

Interviewees were also asked their opinions of guidance provided so far by the U.S. Food and Drug Administration (FDA). While 30 percent of respondents were satisfied with current FDA guidance, 55 percent were not.

Those not satisfied believe FDA guidance needs to require device manufacturers to provide detailed information to make it easier for healthcare providers to compare the levels of security and safety built into a medical device. The hope is that the requirement for a software bill of materials (SBOM) will help in this regard.

The current reality of connected medical devices is both promising and challenging. The value of such devices to patient care is undeniable. However, many if not most healthcare providers don’t have the resources or influence needed to pressure manufacturers to improve cyber security. Many simply cannot wait for more or better FDA guidance and industry compliance.

Medical Device Management: What to Do Now


Protect Your Patients 

Wherever possible, prohibit the use of connected medical devices that do not at least support changeable passwords. Encourage adoption of devices with integrated password, connection, and security management features. And educate and encourage patients to choose personal fitness monitors and other devices that can be secured.

Protect Your Data 

Connected medical devices send and receive multiple types of data. Depending on the device, data can include current and historical EHR information, information about the device itself, and information for network access. Any and all of this data represents potential value to thieves and malefactors. Your organization must ensure that data is protected, wherever it is stored, used, or accessed, throughout its lifecycle.

Protect Your Network

To provide maximum protection of your data and your connected patients, your organization needs accurate, complete, and up-to-date information about your network. This must include information about all critical IT resources, their interconnections with each other and your IT services, and all network access requests and attempts.

(See, “When patients’ lives are on the line, a guess isn’t good enough”)

Automated, comprehensive IT Discovery and updates to your Configuration Management Database (CMDB) can deliver the information you need to maximize protection of your IT estate. These features can also aid and improve compliance with business processes and regulations such as the US Health Insurance Portability and Accountability Act (HIPAA) and the European Union’s General Data Protection Regulation (GDPR).

(See, “ITSM in 2019: are you ready for GDPR?”)

Your organization must do everything possible to protect your network, your IT, and your patients from online threats. There could be much more than your business operations at stake.

Connected Medical Device Management: Virima Can Help

Virima solutions can automatically discover and map your critical IT resources and the interconnections that link them to one another, your applications and services, and your users. Virima also makes it easy to create and deploy probes for discovering and monitoring Internet of Things (IoT) devices.

Virima solutions are easy to use and configure, and designed to work well with each other. These and other features can help you and your IT management team maximize the protection of your IT estate, your data, and your patients.

Read our healthcare case study to learn how Virima helped a leading US regional healthcare system achieve consolidated,  accurate, complete, automated, repeatable discovery and mapping of its entire IT infrastructure and more than 150 services. 

(Also see our recent BrightTALK webinar, “The Business Value of Intelligent IT Automation.”)

Virima is here to help. To get started, contact us today to schedule a demo and explore the possibilities!

Subscribe to Our Newsletter

More to Explore

Table of contentsWhat is CMDB, and why is it important for your cloud initiatives?CMDBs and change managementCMDBs and incident managementCMDBs and problem managementCompliance reporting made easy with CMDBsImpact analysis with CMDBs and cloud assetsMake better, fact-based decisions with Virima for…

Table of contentsHow does asset discovery work?What types of IT assets can you discover?NetworksServersPCs, laptops, and mobile devicesBenefits of IT asset discoveryLess time spent on cataloging IT assetsBetter and detailed IT reportsStreamlined IT asset acquisitionEnsuring compliance with security policies A single…

Table of contentsWhy stakeholder communications are importantHow to prepare for incident communicationIncident management best practicesCommunication plan High-quality major incident management communication plan Using visualizations in stakeholder communicationsIncident mitigation with visualizations Virima can help you with incident management Incidents are a part of business,…

Table of contentsAsset managementTracking and labeling assets’ locations and states through an asset register Tracking and managing software licenses Managing end-user devicesKeeping tabs and handling decommissioned assetsConfiguration managementIdentifying configuration items in the CMS Controlling  and managing all changes made to assets Understanding impact on…

Some people think that an IT service desk is the same thing as an IT help desk. It isn’t and we’re  going to explain the difference between service desk and help desk. Sure, there are some similarities, but there are…

Table of contentsA CMDB tool can maintain all other tools What is CMDB in ServiceNow?What are ServiceNow CMDB best practices?A few ServiceNow CMDB best practices include:Defining your goalsForming a configuration management teamEstablishing a governance structureUnderstanding configuration item designIntegrating with key business…

Table of contentsStep 1. Determine business objectivesStep 2. CMDB discovery toolsStep 3. ITSM system integrationStep 4. Equip data owners/data stewards with the right toolsStep 5. Data management and retention planStep 6. CMDB: data visualizationLearn more about these steps by watching…

Incident management is crucial while dealing with major incidents. They are the crises that have widespread impacts on your employees, disrupt your operations, and impact your ability to deliver on customer expectations.  While you may assume your company is prepared…

Table of contentsUnderstanding business service mappingA modern approach to business service dependency mappingDiscovery planning processUse casesVirima simplifies service mapping and IT discovery Business service mapping is the area of configuration management that perplexes so many IT professionals. Yet, it provides…

Understanding the Configuration Management Database (CMDB) and its core functions is a critical aspect of service management. The CMDB forms the hub of numerous service management practices and provides a means of correlation needed to deliver business services successfully.   The…

The Configuration Management Database (CMDB) contains information about the enterprise's logical and physical assets. Modern service management platforms provide core functionality referenced by all service management practices, including business-facing rules. As a result of its core functionality, the role of…

A previous post discussed “The problems with your problem management” and some of the obstacles standing between your organization and true, proactive problem management. This post delves deeper into some of those obstacles and offers recommendations to help you address…

IT asset management (ITAM) and inventory management are both useful practices that can benefit any organization using IT. Inventory management can exist without IT asset management, and in fact, it does in many organizations as it has been in existence…