TY - JOUR AU - Sappal, Simran AU - Prowse, Paul PY - 2021/05/11 Y2 - 2024/03/29 TI - A Cybersecurity Vulnerability Management System for Medical Devices JF - CMBES Proceedings JA - CMBES Proc. VL - 44 IS - SE - Clinical Engineering DO - UR - https://proceedings.cmbes.ca/index.php/proceedings/article/view/951 SP - AB - <p>Interconnectivity of medical devices on a converged network with other Information and Communications Technologies (ICT) is rapidly expanding as is the threat of cyber attacks on hospitals including their medical equipment.&nbsp; A clear structure and approach to the management of cybersecurity vulnerabilities for medical devices must be developed to reduce the risk of compromise and subsequently patient care.&nbsp; Through the use of existing Preventive and Corrective Maintenance processes within the Winnipeg Regional Health Authority, a familiar process for resolving and reporting on resolution status is established.&nbsp; Accordingly, the necessary networking, software, and operating system fields are identified for addition to the Computerized Maintenance Management System (CMMS) to track and associate vulnerabilities with affected medical devices.&nbsp; Incorporation of these factors into the CMMS enables asset-specific risk management and regular reporting on vulnerability resolution.&nbsp; Improved tracking and reporting of the organization's medical device cybersecurity risk posture enables improved governance for cybsecurity resoluton and provides additional information for the purposes of lifecycle management.</p> ER -