How to Manage Cyber Risk of Medical Devices – for Life

Experts Offer Advice for Managing Growing Inventories, Resources for Providers

The HSCC’s “Health Industry Cybersecurity – Managing Legacy Technology Security” – or HIC-MaLTS – guidance offers organizations best practices that can be used to manage cyber risks of legacy medical technologies, said Phil Englert, vice president of medical device security at the Health Information Sharing and Analysis Center.

HIC-MaLTS takes on common healthcare cybersecurity challenges. For example, “many different types of medical devices and the diverse locations in which they are used possess unique risk profiles and include diagnostic, therapeutic, wearable, implantable and software-as-a-medical device features, among others, that can be used in hospitals, clinics, and other non-clinical and home healthcare settings,” he said.

Also in this article:

• four life cycle phases of medical devices
• “system-view” inventories combined with segmentation and network access controls
• HSCC’s Model Contract-Language for Medtech Cybersecurity 

Read the article in Healthcare Infosecurity here. Click Here

• Related Resources & News
• Threat Bulletin: SimpleHelp RMM Software Leveraged in Exploitation Attempt to Breach Networks
• EU Commission Calls for Health Sector ‘Cyber Action Plan’
• Health-ISAC Hacking Healthcare 1-24-2025
• Behavioral Incident Response Strategies in Clinical Settings
• Cyber Threat Alliance Publishes 2025 Cybersecurity in the Age of AI
• AI, Ransomware, and Medical Devices: Safeguarding Healthcare
• Securing Health Data in 2025: The Rising Cybersecurity Challenges
• Software Supply Chains and ISACs – The Inevitability Curve Podcast EP14
• Health-ISAC Hacking Healthcare 1-17-2025
• New HIPAA Cybersecurity Rules Pull No Punches