Resources tagged with:
Phil Englert

Experts Offer Advice for Managing Growing Inventories, Resources for Providers

The HSCC’s “Health Industry Cybersecurity – Managing Legacy Technology Security” – or HIC-MaLTS – guidance offers organizations best practices that can be used to manage cyber risks of legacy medical technologies, said Phil Englert, vice president of medical device security at the Health Information Sharing and Analysis Center.

HIC-MaLTS takes on common healthcare cybersecurity challenges. For example, “many different types of medical devices and the diverse locations in which they are used possess unique risk profiles and include diagnostic, therapeutic, wearable, implantable and software-as-a-medical device features, among others, that can be used in hospitals, clinics, and other non-clinical and home healthcare settings,” he said.

Also in this article:

• four life cycle phases of medical devices
• “system-view” inventories combined with segmentation and network access controls
• HSCC’s Model Contract-Language for Medtech Cybersecurity 

Read the article in Healthcare Infosecurity here. Click Here

January 15, 2025

Phil Englert and our host Chris Blask have been co-chairing a CISA working group on software bill of materials (SBOM) sharing. The working group has developed a process to help ISACs and similar organizations determine the control architecture necessary to manage the distribution of SBOMs among their members.

Listen to the Inevitability Curve podcast EP14 here. Click Here

Blog by Health-ISAC VP of Medical Device Security, Phil Englert

The ISO 81001-5-1:2021 standard Health software, and health IT systems safety, effectiveness, and security provides guidelines for the cybersecurity of health software and health IT systems, including medical devices. Part 5-1 focuses on security activities in the product life cycle.  This standard is critical for ensuring that medical devices are secure by design, protect patient data and maintain the integrity of health care operations.

The Secure Product Development Framework (SPDF) provides manufacturers with a set of processes that, when effectively implemented, can help manufacturers demonstrate a reasonable assurance of safety and effectiveness during the regulatory submission process. Manufacturers should integrate security into each phase of the development process, from design to deployment.

Read the full blog in TechNation here:

Click Here

Blog by Health-ISAC VP of Medical Device Security, Phil Englert

Rural hospitals face unique challenges, including financial constraints and staffing shortages.

Between 2010 and 2021, 136 rural hospitals closed, with a Crisis in Rural Healthcare report stating 600 more of the remaining 1,796 are at risk of closing. 

HealthIT Security.com reports that “Cyberattacks are pivoting to target smaller health care companies and specialty clinics without the resources to protect themselves, instead of larger health systems that – despite being treasure troves of personal and medical data – generally have more sophisticated security.” Most smaller hospitals are connected to larger systems becoming the “path of least resistance” into those larger health care networks increasing risk on a national level.

Read the full blog in TechNation here.

Click Here