Securing Connected Medical Devices

MEDICAL DEVICES

These kinds of innovations face new and diverse threats not previously in existence. As soon as a medical device is connected in some way, either wirelessly or wired, using a persistent connection or one that is transient, either one-directional or bi-directional, the medical device becomes much easier to disrupt, and the potential disruption much more severe.

The use of connectivity in healthcare devices to collect and disseminate real-time data for faster, more accurate analysis, or tailored treatment has certainly created a significant opportunity for medical professionals to improve diagnoses and treatment, and for healthcare providers to reduce operating costs and enable remote monitoring.

However, these devices also bring significant risks if security is not managed properly. These include risks not only to sensitive patient data, but to the patients themselves. When developing a device, or assessing the risks associated with using one, medical professionals and health IT departments should consider the following criteria.


CRITERIA THAT SHOULD BE CONSIDERED:

  • To protect patient privacy, tokenization of patient identity should be used in data stores where feasible.

  • End-to-end encrypted data communications should be used to preserve confidentiality for communications that cross the Internet, although where possible patient data should not cross the Internet.

  • Digital signatures should be used to preserve integrity. Highly-sensitive data such as firmware should only be accepted from authenticated end-points.

  • Where possible, Denial of Service attacks should be mitigated by only accepting connection attempts from trusted network zones or specific IP addresses; where this is not possible, connection attempts should be rate limited.

  • Where data flows in both directions, the security context should be mutually authenticated and cryptographic mechanisms including encryption and signature verification should be bidirectional.

  • System integrators must check that devices using encryption support compatible cipher suites which are sufficiently strong for the lifetime of the product or device.

  • To minimize the attack surfaces, unneeded platform services should be turned off.

  • Security controls should be enabled, and made lenient only when the risk of doing so is sufficiently low.
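
An added example, not part of the original page: one way to implement the connection-filtering criterion above (admit attempts from trusted network zones, rate limit everything else) using only the Python standard library. The `ConnectionGate` name, the zone list and the limits are assumptions chosen for illustration.

```python
import ipaddress
import time

# Constructed values: these trusted zones and limits are illustrative assumptions.
TRUSTED_ZONES = ("10.20.0.0/16", "192.0.2.10/32")


class ConnectionGate:
    """Hypothetical admission check: allowlist first, token bucket otherwise."""

    def __init__(self, trusted=TRUSTED_ZONES, rate=1.0, burst=3, max_sources=10000,
                 allow_untrusted=True, clock=time.monotonic):
        self.trusted = [ipaddress.ip_network(n) for n in trusted]
        self.rate = rate                  # tokens refilled per second, per source
        self.burst = burst                # most attempts a source can make at once
        self.max_sources = max_sources    # bound on tracked sources (memory cap)
        self.allow_untrusted = allow_untrusted
        self.clock = clock
        self.buckets = {}                 # source -> (tokens, time of last attempt)

    def admit(self, addr):
        """Return 'trusted', 'limited-ok' or 'rejected' for one connection attempt."""
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            return "rejected"             # unparseable source: fail closed
        if any(ip in net for net in self.trusted):
            return "trusted"
        if not self.allow_untrusted:
            return "rejected"             # strict mode: trusted zones only
        now, key = self.clock(), str(ip)
        if key not in self.buckets and len(self.buckets) >= self.max_sources:
            idle = self.burst / self.rate  # time for a bucket to refill completely
            self.buckets = {k: b for k, b in self.buckets.items() if now - b[1] < idle}
            if len(self.buckets) >= self.max_sources:
                return "rejected"         # table still full: refuse rather than grow
        tokens, last = self.buckets.get(key, (float(self.burst), now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        allowed = tokens >= 1.0
        self.buckets[key] = (tokens - 1.0 if allowed else tokens, now)
        return "limited-ok" if allowed else "rejected"
```

Setting `allow_untrusted=False` gives the allowlist-only behaviour the criterion prefers; the token bucket is the fallback for deployments where sources cannot be enumerated.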



Patient ID Ban (And Why It Should Be Removed)

A unique or national patient identifier is similar to a Social Security number, where a number code would be used across all providers to identify individual patients. This would replace the current system that uses a name, address, or date of birth. Patient identifiers are thought to solve the issue of inconsistent patient matching.

The Patient ID ban prohibits the Department of Health and Human Services (HHS) from funding, implementing, or developing a unique patient identifier system to eliminate or reduce the inconsistent patient matching.


WHY SHOULD THE PATIENT ID BAN BE REMOVED?

With the removal of the Patient ID ban, numerous incidents in healthcare that are due to patient mismatching would be reduced.

Incidents that can occur due to patient mismatching include, but are not limited to:

  • Losing a loved one because he or she is mistaken for another patient, leading to a medical error.

  • An infant given expressed breast milk from the wrong mother who was infected with hepatitis.

  • A patient in cardiac arrest denied lifesaving care because the care team pulled the wrong patient's record and adhered to a do not resuscitate order.

  • Opiates unknowingly prescribed to patients with a history of addiction.

