Network World - Austin, Texas -- Security for medical equipment such as MRI machines to and pacemakers is woeful, even though these devices today connect to networks and sometimes face risks from malware or hacking, according to a panel of university researchers speaking at this week's Design Automation Conference.
Applying encryption and strong authentication to protect implantable patient devices to prevent tampering is still largely in the research phase, these experts say. But when it comes to hospital equipment that uses commercial operating systems such as Microsoft Windows, the manufacturers are too often reluctant to patch security holes, and sometimes even tell hospital staff the lie that the Food and Drug Administration (FDA) doesn't allow it. A
Kevin Fu, associate professor at the University of Michigan, said he knows of a large Boston hospital in which Windows XP is part of MRI processes and they haven't been patched since 2007. Fu said hospital staffers have told him they're not allowed to update these devices. The excuse, which is heard often, says Fu, is that medical-device manufacturers say the Food & Drug administration (FDA) won't allow updates, which isn't true. A
Updating medical gear is hard but it has to be done, said Fu. He also noted that sometimes the way that medical-device software updates are supplied is very lax in terms of security. For instance, Fu said he's seen a hospital ventilator manufacturer post a software update on its website. But when Fu visited the manufacturer's website, he got a security warning on his own computer that "visiting this site may harm your computer" because the manufacturer's site had been infected with malware and was distributing it.
"As far as I know, malware didn't get into the ventilator itself. We just know the vendor's website was distributing malware for 90 days," Fu said.
But some medical-device manufacturers aren't so timid to step up to the security challenge. Boston Scientific Corp., which makes a line of implantable cardiac medical devices, was represented on the DAC panel by Ken Hoyme, a senior fellow in the systems engineering arm of the firm.
The range of implantable cardiac devices designed by Boston Scientific do not use third-party commercial operating systems like Microsoft, said Hoyme. Nevertheless, modern approaches to networking and information sharing do mean that these implantable devices are designed for maintenance via wireless networks. A
While strong authentication and encryption are good security ideas, they are difficult to apply to implantable devices mainly because a patient might suddenly have an emergency in which access to the implantable device is needed immediately by a medical professional at any time and place. So the dilemma is that security might actually impede safety.
Apple has assembled an all-star team featuring some of the world's most proficient and well-connected biosensor engineers. Is this extensive investment entirely dedicated to an iPhone app called Healthbook and an accessory called an iWatch?
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Patient Portals: A Platform for Connecting Communities of Care
- Connecting patient health data across the care continuum is essential to achieve improved care, increased access to personal health records and lowered costs.
- 3 Ways Clinicians Can Leverage a Patient Portal to Craft a Healthcare Community
- With a bevy of vendors offering patient portal solutions, it can be challenging for a hospital to know where to start. Fortunately, YourCareCommunity...
- Healthcare Firm Ramps Up for Claims Processing Spikes
- Huge increases in claims processing loads and stringent SLAs for Medicaid patients prompted Molina Healthcare to enhance their IT infrastructure with VCE.
- Path Selection Infographic
- Path Selection Infographic
- Hyperconvergence Infographic
- A wide range of observers agree that data centers are now entering an era of "hyperconvergence" that will raise network traffic levels faster... All Healthcare IT White Papers
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Mobile Security: Containerizing Enterprise Data In this on-demand webinar, Fixmo's Lee Cocking, VP of corporate strategy, explains why Apple-ization trends like mobility and "bring-your-own-device" (BYOD) are driving the...
- Endpoint Data Management: Protecting the Perimeter of the Internet of Things Not surprisingly, "Internet of Things" (IoT) and Big Data present new challenges AND opportunities for enterprise IT. Teams need to harness, secure and...
- How to Protect Enterprise Data Yet Enable Secure Access for End Users Learn how BYOD, Big Data and the use of rogue applications and devices is putting corporate data at risk, best practices from IT...
- All Healthcare IT Webcasts