Pointing Fingers: Mediating Between Suppliers and Facilities for Practical Cybersecurity Management
(Room CC, 103AB)
02 Jun 18
9:15 AM
-
10:15 AM
Tracks:
Concurrent Education Session, Cyber/IT
While we’ve been told repeatedly that cybersecurity is a “shared responsibility” between facilities and suppliers, sharing isn’t always easy. ECRI has the unique perspective of working with both our member hospitals and medical device suppliers in the course of evaluations, problem reports, and accident investigations. We’ve learned a lot about what each side wishes the other would just take care of already, and the assumptions, miscommunications, and unspoken expectations that can leave big gaps in the management of overall security. We will describe problematic situations we’ve encountered from a postmortem approach: what happened, how did it get there, and what can be done to avoid a similar situation the next time?