Medical device cybersecurity can no longer be viewed simply as an IT responsibility. Priyanka Sollinger, BS, MS, CHTM, AAMIF, vice president of cybersecurity services at Asimily, reinforced that point during the AAMI eXchange session, “Breaking Silos, Building Security: Collateral Duty for All.” Protecting connected medical devices, she said, requires shared accountability across healthcare technology management (HTM), IT, cybersecurity, procurement, clinical engineering, and vendors — roles that can no longer operate in silos.

Sollinger first raised the alarm about medical device cybersecurity at AAMI in 2015, and she said the stakes are even higher today. “Healthcare remains a top ransomware target,” she told attendees. “We have to advance how we manage these devices.”

Cyber safety, she argued, is patient safety. But many organizations still struggle with fragmented ownership and disconnected workflows.
“Ownership confusion is a big [issue],” she said. The result is delayed remediation, duplicated effort, and gaps in vulnerability management. HTM teams often sit in the middle—expected to support cybersecurity without consistent access to the systems or tools needed to act effectively, Sollinger explained.

Those challenges grow quickly in connected environments. Hospitals now manage thousands of networked medical devices across multiple facilities, with responsibility split across procurement, IT, security, clinical engineering, and operations. When ownership is unclear, vulnerabilities linger while teams determine who has authority to act. What begins as a technology issue becomes an operational burden, slowing response across departments and compounding workload pressures as programs grow.

“Continuous planning and reporting; planning for the vulnerabilities you have and how defined work is tracked across the organization,” she said. “But spreadsheets alone are not effective.”

Yes, spreadsheets and informal coordination may work in smaller environments, Sollinger said, but they quickly break down under the volume and complexity of modern healthcare operations. She cited one organization that went through 17 or 18 iterations in a single month just to reconcile vulnerability tracking across teams.

The lesson? “We can’t continue relying on informal outreach as the primary way of coordinating work,” she said. “It pulls people away from their core responsibilities and does not scale.”

Her advice to AAMI attendees was to start small but design for scale. “Run a pilot across two facilities first,” she recommended. “Use that to understand what scaling would look like across 10 or more sites.”

HTM Homepage