Network World - Austin, Texas -- Security for medical equipment such as MRI machines to and pacemakers is woeful, even though these devices today connect to networks and sometimes face risks from malware or hacking, according to a panel of university researchers speaking at this week's Design Automation Conference.
Applying encryption and strong authentication to protect implantable patient devices to prevent tampering is still largely in the research phase, these experts say. But when it comes to hospital equipment that uses commercial operating systems such as Microsoft Windows, the manufacturers are too often reluctant to patch security holes, and sometimes even tell hospital staff the lie that the Food and Drug Administration (FDA) doesn't allow it. A
Kevin Fu, associate professor at the University of Michigan, said he knows of a large Boston hospital in which Windows XP is part of MRI processes and they haven't been patched since 2007. Fu said hospital staffers have told him they're not allowed to update these devices. The excuse, which is heard often, says Fu, is that medical-device manufacturers say the Food & Drug administration (FDA) won't allow updates, which isn't true. A
Updating medical gear is hard but it has to be done, said Fu. He also noted that sometimes the way that medical-device software updates are supplied is very lax in terms of security. For instance, Fu said he's seen a hospital ventilator manufacturer post a software update on its website. But when Fu visited the manufacturer's website, he got a security warning on his own computer that "visiting this site may harm your computer" because the manufacturer's site had been infected with malware and was distributing it.
"As far as I know, malware didn't get into the ventilator itself. We just know the vendor's website was distributing malware for 90 days," Fu said.
But some medical-device manufacturers aren't so timid to step up to the security challenge. Boston Scientific Corp., which makes a line of implantable cardiac medical devices, was represented on the DAC panel by Ken Hoyme, a senior fellow in the systems engineering arm of the firm.
The range of implantable cardiac devices designed by Boston Scientific do not use third-party commercial operating systems like Microsoft, said Hoyme. Nevertheless, modern approaches to networking and information sharing do mean that these implantable devices are designed for maintenance via wireless networks. A
While strong authentication and encryption are good security ideas, they are difficult to apply to implantable devices mainly because a patient might suddenly have an emergency in which access to the implantable device is needed immediately by a medical professional at any time and place. So the dilemma is that security might actually impede safety.
- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
Apple has assembled an all-star team featuring some of the world's most proficient and well-connected biosensor engineers. Is this extensive investment entirely dedicated to an iPhone app called Healthbook and an accessory called an iWatch?
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Patient Portals: A Platform for Connecting Communities of Care
- Connecting patient health data across the care continuum is essential to achieve improved care, increased access to personal health records and lowered costs.
- 3 Ways Clinicians Can Leverage a Patient Portal to Craft a Healthcare Community
- With a bevy of vendors offering patient portal solutions, it can be challenging for a hospital to know where to start. Fortunately, YourCareCommunity...
- Healthcare Firm Ramps Up for Claims Processing Spikes
- Huge increases in claims processing loads and stringent SLAs for Medicaid patients prompted Molina Healthcare to enhance their IT infrastructure with VCE.
- Infographic: Converged Infrastructure Benefits
- This Infographic quantifies the savings organizations are realizing from increased deployment speed, higher availability, and lower annual costs.
- CIOs Deliver Productivity Breakthroughs with Intelligent Digital Signage
- Retailers have long recognized the influence that digital signage provides over a shopper's point-of-purchase decision making process. All Healthcare IT White Papers
- Building Tomorrow's Infrastructure Listen to this podcast to discover how Crider Foods worked with PC Connection to update their IT infrastructure, while maintaining compliance and control.
Enhance Your Virtualization Infrastructure With IBM and Vmware
Date: Wednesday, May 14, 2014, 1:00 PM EDT
Virtualization technology is now expanding beyond the server compute elements to encompass networking and storage...
Transforming Finance, Procurement and Supply Chain Effectiveness with Cross-Functional Analytics
Date: May 6th, 2014
Time: 1 PM EDT
Attend this Webcast to find out how Oracle's packaged analytic applications enable line-of-business managers to examine all...
- Cloud Knowledge Vault Learn how your organization can benefit from the scalability, flexibility, and performance that the cloud offers through the short videos and other resources...
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- All Healthcare IT Webcasts