Learn what you can do today to protect your medical devices from attacks and malware while manufacturers start to provide devices with improved security posture. If you missed our recent webinar, click here to view the archived edition.
Jenn - appreciate your follow-up. Just to reiterate a couple of key points from the Webinar: 1. The problem is complex and multi-dimensional. For example, we need to differentiate between information security, which can be provided through access control and encryption, on one side and device security on the other. The latter can be provided through proper device hardening, patching and supplementary security solutions.
As pointed out during the Webinar, traditional antivirus / antimalware may not be the best technology choice here, there are alternative cybersecurity technologies available which are much better suited for the embedded system environment, see for example here: http://www.symantec.com/critical-system-protection. 2. To reiterate the key points from the FDA June 14th, 2013 guidance to be be considered for device design, documentation, and approval:
3. Healthcare providers and device manufacturers are encouraged to join industry working groups targeting the establishment of guidance and best practices. Such working groups are being facilitated by IHE, AAMI, and MDISS. 4. Security specialists, like Symantec, are available to provide information and support to help you understand threat landscape, typical device and system vulnerabilities, and the choices of security technologies available.
This was an informative session and everyone thinking about the complexities and challenges of medical devices on their networks, should take a look.
We know that wireless medical devices provide a multitude of efficiencies for both patients and physicians. Everything from increasing patient mobility without the need to be in a hospital bed and providing the ability of physicians to remotely access and monitor patient data regardless of the location of the patient or physician (hospital, home, office, etc…). This technology greatly enhances patient outcomes by allowing physicians access to real-time data on patients without the physical restraints of being in the same location.
The internet connected devices increase connectivity and provide greater functionality, but also increases risks of both unintentional and malicious tampering of PHI over a multitude of wireless signals and data from medical devices.
New FDA guidance is broad, however it does put some pressure on manufacturers stating that security protocols should be included in the design and development of medical devices. The FDA encourages wireless encryption to protect against unauthorized wireless access to device data.
Although intentionally not prescriptive, the guidance will require coordination across the industry with manufacturers, healthcare organizations and network providers.