Reducing Medical Device Cybersecurity Risks at Mayo

Kevin McDonald, Director of Clinical Information Security, Mayo Clinic. Weak cybersecurity safeguards in medical devices have the potential to impact patients, care delivery processes and a healthcare organization’s IT network. To reduce the risk, healthcare delivery organizations need to have a formalized risk-based process to assess and manage their medical devices. Kevin discusses frequently seen medical device vulnerabilities and lessons learned in establishing a medical device cybersecurity program, including setting standards, designing assessment processes and developing risk mitigation and remediation options. In addition, he addresses the importance of governance and the need to make risk vs. benefit decisions.