Guidance offers steps to create, maintain operational technology asset inventory for protection

Aug 14, 2025 - 03:31 PM
Cybersecurity Lock on Gold Wall

The Cybersecurity and Infrastructure Security Agency, Environmental Protection Agency, National Security Agency, FBI and international agencies Aug. 13 released guidance for operational technology owners and operators to create and manage an OT asset inventory. Examples of OT in health care include electronic health record systems, medical device hardware and software. The guidance explains ways owners and operators can improve and use their inventory to protect other critical assets. It includes recommendations on OT cybersecurity and risk management, maintenance and reliability, performance monitoring and reporting, and training and awareness. 

“Understanding OT device connectivity to complex hospital networks is critical,” said Scott Gee, AHA deputy national advisor for cybersecurity and risk. “Unmanaged — or worse, unknown — OT devices can add significant vulnerabilities to their system. A perfect example of the risks posed by unmanaged OT devices is the Contec CMS 8000 patient monitors that were discovered sending data to China without authorization. These devices certainly add value in the health care setting, but just like anything else connected to the network, they have to be managed and maintained.” 

For more information on this or other cyber and risk issues, contact Gee at sgee@aha.org. For the latest cyber and risk resources and threat intelligence, visit aha.org/cybersecurity

Related News Articles

Headline
Open-source text program Notepad++ impacted by critical vulnerability
The National Institute of Standards and Technology Feb. 2 published details on a critical vulnerability that impacted Notepad++, a free, open-source text and…
Headline
ASTP/ONC issues RFI on interoperability standards for diagnostic imaging 
The Assistant Secretary for Technology Policy/Office of the National Coordinator for Health Information Technology released a request for information Jan. 29…
Headline
FBI launches campaign to protect hospitals, other critical infrastructure against cyberattacks
The FBI has launched a two-month campaign, Operation Winter SHIELD (Securing Homeland Infrastructure by Enhancing Layered Defense), highlighting 10 actions…
Headline
Guides offer strategies on preparing for public health emergencies, cybersecurity incidents 
Two AHA guides offer strategies for hospitals and health systems in preparing for public health emergencies and disasters and managing cybersecurity incidents…
Headline
AHA podcast: Cybersecurity on the Health Care Front Lines Against AI and Ransomware
Larry Pierce, director of cybersecurity and information security officer for Atlantic Health, unpacks how the growth of artificial intelligence is reshaping…
Headline
Agencies issue guidance on secure connectivity for operational technology
U.S. and international agencies Jan. 14 released guidance on secure connectivity for operational technology environments. Examples of OT environments in health…