Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Healthcare Online User Group

Webinar - Anatomy of a Breach: Medical Devices Under Cyber Attack

Created: 27 Sep 2013 • Updated: 01 Oct 2013 • 2 comments
Karalee Serra's picture
+2 2 Votes
Login to vote

Learn what you can do today to protect your medical devices from attacks and malware while manufacturers start to provide devices with improved security posture. If you missed our recent webinar, click here to view the archived edition.

Comments 2 CommentsJump to latest comment

Jenn Artura's picture

This was an informative session and everyone thinking about the complexities and challenges of medical devices on their networks, should take a look.

We know that wireless medical devices provide a multitude of efficiencies for both patients and physicians. Everything from increasing patient mobility without the need to be in a hospital bed and providing the ability of physicians to remotely access and monitor patient data regardless of the location of the patient or physician (hospital, home, office, etc…). This technology greatly enhances patient outcomes by allowing physicians access to real-time data on patients without the physical restraints of being in the same location.

The internet connected devices increase connectivity and provide greater functionality, but also increases risks of both unintentional and malicious tampering of PHI over a multitude of wireless signals and data from medical devices.

New FDA guidance is broad, however it does put some pressure on manufacturers stating that security protocols should be included in the design and development of medical devices. The FDA encourages wireless encryption to protect against unauthorized wireless access to device data.

Although intentionally not prescriptive, the guidance will require coordination across the industry with manufacturers, healthcare organizations and network providers.

 Jenn Artura

National Manager, Vertical Strategy, Development & Enablement

U.S. Healthcare 
Login to vote
Axel Wirth's picture

Jenn - appreciate your follow-up. Just to reiterate a couple of key points from the Webinar:

1. The problem is complex and multi-dimensional. For example, we need to differentiate between information security, which can be provided through access control and encryption, on one side and device security on the other. The latter can be provided through proper device hardening, patching and supplementary security solutions.

As pointed out during the Webinar, traditional antivirus / antimalware may not be the best technology choice here, there are alternative cybersecurity technologies available which are much better suited for the embedded system environment, see for example here:

2. To reiterate the key points from the FDA June 14th, 2013 guidance to be be considered for device design, documentation, and approval:

  • Limit Access to Trusted Users Only (e.g. authentication; timed user session; layered authorization model and multi-factor authentication; avoid “hardcoded” passwords; authentication for software or firmware updates).
  • Ensure Trusted Content (e.g. authenticated code; secure data transfer / encryption).
  • Use Fail Safe and Recovery Features (e.g. protect critical functionality; recognize compromises security; configuration retention and recovery; cybersecurity documentation; inclusion of security considerations in premarket submission, hazard analysis, mitigations, and design; list: cybersecurity risks, cybersecurity controls, traceability matrix; assure continued safe and effective device use, appropriate documentation, inclusion of cybersecurity recommendations in device instructions).

3. Healthcare providers and device manufacturers are encouraged to join industry working groups targeting the establishment of guidance and best practices. Such working groups are being facilitated by IHE, AAMI, and MDISS.

4. Security specialists, like Symantec, are available to provide information and support to help you understand threat landscape, typical device and system vulnerabilities, and the choices of security technologies available.

Login to vote