
Metrics for Clinical Leaders: Translating Risk into Patient Impact

Medical Devices blog by Health-ISAC VP, Medical Device Security, Phil Englert

This column builds on last month’s discussion of cyber resiliency metrics. You can read last month’s column here. Clinicians are focused on delivering safe, uninterrupted care. They need metrics that translate technical risks into operational realities, connect cybersecurity to clinical outcomes, ensure operational continuity, and directly affect patient outcomes.

Cybersecurity in healthcare is a clinical and operational imperative, not just an IT issue. Medical devices are critical to patient care, and their compromise can have life-threatening consequences. Healthcare systems can provide executive leaders with actionable insights to guide strategic investments by adopting a structured, metric-driven approach grounded in the MITRE framework. A metric-driven model empowers clinical leaders to understand and support mitigating cyber risks to patient care and equips HTM teams with the tools and data needed to strengthen device security.

These metrics are more than numbers – they are a language that bridges technical and clinical domains, enabling informed decision-making and shared accountability. With leadership support, healthcare organizations can operationalize these metrics, integrate them into existing workflows, and build a culture of cyber resilience that protects patients, staff and systems. This program will reduce the vulnerability footprint and foster a culture of shared responsibility and continuous improvement.

Three metrics for clinical department leaders:

1 – The number of devices with unsupported operating systems.

2 – The percentage of devices with secure configuration and access controls.

3 – The average downtime from cybersecurity-related device incidents derived from incident response logs and CMMS service records.

Read more about metrics for HTM Teams in the TechNation blog.
