Best Practices Framework for
Health Care Cyber Protection of MEP Systems

Best Practices Framework for Health Care Cyber Protection of MEP Systems

Cyber-risk mitigation is least expensive and most effective when implemented at the initial planning stage of a project. This monograph introduces best practices to mitigate cyber-risk for mechanical, electrical and plumbing (MEP) systems. Vulnerabilities to health care MEP cyberthreat include the disabling of a life safety system, equipment damage, disruption of facility operations or a cyber entry point to a larger hospital network. Cyber-risk increases as buildings and equipment become smarter, more connected and more reliant on networks.

This document outlines a team approach, starting with the health care organization leadership setting the expectations and cyber-risk mitigation tone for the project. When executive leadership empowers information technology, operational technology and facilities professionals, an effective cyber-risk mitigation plan can be enacted. A thoughtful cyber-risk process addresses the safety, efficiency and compliance goals of the health care facility.

This monograph is based on a holistic design and construction process to set up owner operations for success. While it is directed toward new construction projects, the principles may be applicable elsewhere.

 Members Access PDF Members can download a free PDF of the entire monograph
Nonmembers Download PDF Catalog number: P055588
Nonmember: $35.00
Order Print Version Product code: 055588
Member: $25.00, Nonmember: $35.00

Supplementary Materials

Download the Construction and Design
RACI Templates

 
 
Construction RACI preview: Best Practices Framework for Health Care Cyber Protection of MEP Systems

ASHE authorizes the copy, use and customization of these templates, by health care facilities for non-commercial use only. In consideration of this authorization, the user agrees that any copy of this document which the user makes shall retain all copyright and other proprietary notices that may be contained therein. ASHE accepts no responsibility or liability for the accuracy or the completeness of the information in this document.

 

Related Resources

On-Demand Educational Webinars
Recorded October 25, 2016Speaker: George Mills, MBA, FASHE, CEM, CHFM, CHSP, Director o
On-Demand Educational Webinars
Recorded October 24, 2016Speaker: Jonathan Flannery, MHSA, CHFM, FASHE, FACHE, Senior Associate Dir
On-Demand Educational Webinars
Recorded October 27, 2016Speakers: Joe Fiorito, Caterpillar Inc., Electric Power Division, Rental Manager; Ben Thomas, Ca
On-Demand Educational Webinars
Recorded August 10, 2016The Centers for Medicare & Medicaid Services has adopted the 2012 edition of NFPA 101.
On-Demand Educational Webinars
Speakers: George Mills, MBA, FASHE, CEM, CHFM, CHSP, Director of Engineering, Department of Engineering, The Joint Commission
On-Demand Educational Webinars
Recorded June, 2016Speaker: Tim AdamsThis video outlines changes made in 2016 to the CMS Condit