IoT Security Standards: Where Should the Security Lie in Our Networks?
Discussing what effective IoT security standards would look like and what government and industry leaders are doing to bring them about.
American Enterprise Institute panel, hosted by AEI’s Shane Tews, including Health-ISAC’s Director of Medical Device Security, Phil Englert.
Recording of Panel, available here:
Some quotes from Phil Englert pulled from the discussion:
We’re heading toward zero trust, where every ID is validated, best in class, the protections need to be commensurate with the risk created. Like going through TSA at the airport, you’re willing to stand in line for a certain amount of security. Have controls appropriate to the risk.
Make it a New Year’s ritual to change all your passwords and be sure to keep them all unique and complicated.
There are 10-15 connected devices for every bed in an acute care facility. Data is sent to a central collection point. An acute care center is more like a mall of specialized shops than a single business unit. They don’t operate together and neither does the equipment.
We’re beginning to see a transformation where a manufacturer has bought other MDMs to own an entire department in a hospital with the hopeful intent of interoperability.
The real challenge is to recognize what is NOT normal comms. If a patient monitor speaks to a CT, we have to know that’s not normal behavior and should have an alert that it needs to be monitored.