Unpatched vulnerabilities remain a target of cyberattacks, and an ever-present risk for healthcare organizations. Medical devices pose an additional burden because patches are frequently unavailable for medical devices. So, dealing with the potential threat isn’t usually straightforward. The stakes are also high in healthcare, because cybersecurity risks can expose or hinder access to electronic protected health information (ePHI) or even harm patients if the equipment malfunctions or is inaccessible.

Medical device cybersecurity hinges on knowing the vulnerabilities of each device and whether patches are available, as well as how critical each piece of equipment is to the overall function—and determining any risk to patient safety, among other factors. Continuous assessment and real-time risk measurement help prioritize surveillance efforts, raise red flags, and mitigate risk efficiently.

 …