As the security of medical devices becomes a growing concern, hospitals need to implement appropriate controls and apply machine intelligence to detect threats, says Venkataraman Subramanian, information security officer at Columbia Asia Hospitals.
The company operates 29 medical facilities across India, Malaysia, Vietnam and Indonesia.
"The consequences of a medical device getting hacked, especially when there is traction around IoT ... opens a can of worms because the degree to which you would otherwise secure a database may not be the same when it comes to a device," Subramanian says in an interview with Information Security Media Group. "The consequence of that kind of an attack to a medical device in healthcare is tremendous. It can truly kill somebody. ..."
Because an organization might have as many as 100,000 medical devices, manual monitoring for intrusions is impossible, he contends. "We have to have to have machine intelligence."
Subramanian also recommends that practitioners from within the industry should come together and "have open conversations on what they are doing and share notes."
And he suggests that hospitals view information security as a business project. "Though a lot of IT components are at play, in my view IT is doing some of this heavy lifting on behalf of business."
In the interview (see audio link below the image, Subramanian discusses:
- Where the healthcare industry is missing the mark when it comes to information security;
- The risks associated with medical devices;
- The importance of detection and threat intelligence.
Subramanian heads the information security program for Columbia Asia Hospitals. He is based at the corporate office in Kuala Lumpur. Subramanian is a part of IT leadership team and works on IT transformation initiatives. He has 16 years of IT experience and has worked with several multinational organizations in India, U.K., U.S. and Malaysia.