Addressing the Shortage of Medical Device Cyber TalentUniversity of Minnesota's Bill Aerts on New Center for Medical Device Cybersecurity
The shortage of cybersecurity professionals in the United States includes a scarcity of expertise in medical device security. But the University of Minnesota is hoping to help to change that through new programs and more collaboration with the industry, says Bill Aerts, senior fellow and managing director of the school's recently launched Center for Medical Device Cybersecurity.
"Everyone in this industry is screaming, 'Can we get … four-year-degree students coming out of college with some kind of background in this subject?'" he says. "We need to start building university programs around this subject."
The University of Minnesota next spring will offer a new "fully accredited university course on medical device cybersecurity, which may be a first," Aerts says in an interview with Information Security Media Group.
The university's 1-year-old Center for Medical Device Cybersecurity also has a goal of creating an education hub for healthcare security, including developing a center of excellence to help educate smaller medical providers and manufacturers about medical device security, says Aerts, the former global director of security at medical device maker Medtronic.
Among the medical device cybersecurity topics the center is examining are the wide-ranging challenges related to older, outdated medical gear, he says.
"Legacy devices are clearly the most vulnerable devices out there," Aerts says. "They haven't been brought up to speed - or can't be brought up to speed - to have the kind of security built around them or in them to protect them against ransomware."
In this interview (click on player beneath image to listen), Aerts discusses:
- Filling cybersecurity talent gaps, especially related to medical devices;
- Top legacy medical device concerns;
- The challenges involving in securing operational technology devices, such as HVAC and other connected gear found in healthcare environments.
Aerts oversees operations, works with industry stakeholders, develops and supports research and educational programs and builds industry-academia collaboration for the Center for Medical Device Cybersecurity at the University of Minnesota. He most recently served as executive director of the Archimedes Center for Healthcare and Device Security at the University of Michigan. Prior to that, he served as the global director of product security at Medtronic.