A lack of standards spelling out to manufacturers their responsibilities for addressing the cybersecurity of medical devices – especially legacy products – has left a big burden on the healthcare entities that use these devices, says Cletis Earle, CIO at Kaleida Health, a health system in New York state.The situation “has created significant challenges, because … those devices sit in our networks and infrastructures from the technology side, and we’re now held responsible to remediate those issues,” says Earle, who is also chair of the College of Healthcare Information Management Executives – or CHIME – board of trustees.”Many of those devices are very proprietary and it’s very difficult to manage them because you would need to put in some kind of solution that … monitors devices – and the proprietary nature of those devices makes that very challenging to do,” he says in an interview with Information Security Media Group.

Source: Click here