Healthcare and Technology news
37.6K views | +0 today
Follow
Healthcare and Technology news
Your new post is loading...
Your new post is loading...
Scoop.it!

The Security Risks of Medical Devices

The Security Risks of Medical Devices | Healthcare and Technology news | Scoop.it
There are a large number of potential attack vectors on any network. Medical devices on a healthcare network is certainly one of them. While medical devices represent a potential threat, it is important to keep in mind that the threat level posed by any given medical device should be determined by a Security Risk Assessment (SRA) and dealt with appropriately.

So let’s assume the worst case and discuss the issues associated with medical devices. First off, it must be recognized that any device connected to a network represents a potential incursion point. Medical devices are regulated by the FDA, and that agency realized the security implications of medical devices as far back as November 2009, when it issued this advisory. In it, the FDA emphasized the following points:

Medical device manufacturers and user facilities should work together to ensure that cybersecurity threats are addressed in a timely manner.
The agency typically does not need to review or approve medical device software changes made for cybersecurity reasons.
All software changes that address cybersecurity threats should be validated before installation to ensure they do not affect the safety and effectiveness of the medical devices.


Software patches and updates are essential to the continued safe and effective performance of medical devices.


Many device manufacturers are way behind on cybersecurity issues. As an example, many devices are still running on Windows XP today, even though we are one year past the XP support deadline. They are often loathe to update their software for a new operating system. In other situations device manufacturers use the XP support issue as a way to force a client to purchase a new device at a very high price. All healthcare facilities would be well advised to review any purchase and support contracts for medical devices and make sure that things such as Windows upgrades do not force unwanted or unnecessary changes down the road. While there are options to remediate risks around obsolete operating systems, they are unnecessary and costly. Manufacturers should be supporting their products in a commercially reasonable manner.

Why would anyone be interested in hacking into a medical device? Of course there are those that would argue that anything that can be hacked will be hacked, “just because”. While it is possible that hacking could also occur to disrupt the operations of the device, the more likely reason is that getting onto a medical device represents a backdoor into a network with a treasure trove of PHI that can be sold for high prices on the black market. Medical devices are often accessible outside of normal network logon requirements. That is because manufacturers maintain separate, backdoor access for maintenance reasons.


Hackers armed with knowledge of default passwords and other default logon information can have great success targeting a medical device. For example, this article details examples of a blood gas analyzer, a PACS system and an X-Ray system that were hacked. Many times healthcare IT departments are unaware or unable to remediate backdoor access to these systems. These are perhaps more “valuable” as a hack because they are hard to detect and can go unnoticed for a long period of time. As a reminder, the Target data breach last year was initiated because the access that a third party had to the retailer’s network was compromised. A complete SRA should inventory all network connected medical devices and analyze the access/credentials that a device has, and any associated security threat. The best defense is a good offense – make sure that networked devices have proper security built in and implemented. Then your devices will no longer be “the weak link in the chain”.

more...
No comment yet.
Scoop.it!

Congressman starts 2015 with push to repeal medical device tax

Congressman starts 2015 with push to repeal medical device tax | Healthcare and Technology news | Scoop.it

Repealing the medical device tax will be the first effort put forth by Rep. Erik Paulsen as the 114th Congress gets under way.

The Republican from Minnesota has introduced the Protect Medical Innovation Act to broad bipartisan support. The legislation looks to repeal the 2.3 percent excise tax included in the Affordable Care Act. The bill currently has 254 cosponsors, 27 of whom are Democrats.

"The medical device tax continues to stifle innovation, cost American jobs, and drive up healthcare costs despite bipartisan opposition in both houses of Congress," Paulsen said in a announcement on his website. "The American people are looking for their elected officials in Washington to find common ground and repealing the medical device tax is a great place to start."

However, while Paulsen says the tax is driving up costs, the financial impact on the medical device industry should be "relatively small," according to a report published in November by Congressional Research Service.

"No more than 1,200 employees" of medical device manufacturers should lose their jobs, according to the report. In addition, industry output and employment likely will fall by no more than two-tenths of a percent, the report says.

This is also not the first time Paulsen has introduced legislation of this nature. In the last Congress, his legislation on the device tax passed the House twice, but was never voted on in the Senate.

Another, similar bill will most likely follow Paulsen's legislation. Last year Sens. Michael Bennet (D-Colo.) and Orrin Hatch (R-Utah) introduced the Medical Electronic Data Technology Enhancement for Consumers' Health (MEDTECH) Act, aiming to exempt low-risk medical software and mobile medical apps from regulation by the U.S. Food and Drug Administration.

While that bill was introduced with only a month remaining in the 113th Congress, Hatch said it will be reintroduced this year, FierceHealthIT previously reported. He added that his bill will work in conjunction with Paulsen's repeal of the medical device tax, which he is strongly opposed to.

"There's so many stupid aspects of that," Hatch has said of the device tax, "it would take all day to explain them to you."


more...
No comment yet.
Scoop.it!

Digital health in 2015: What's hot and what's not?

Digital health in 2015: What's hot and what's not? | Healthcare and Technology news | Scoop.it

I think it’s fair to say that digital health is warming up. And not just in one area. The sheer number and variety of trends are almost as impressive as the heat trajectory itself. The scientist in me can’t help but make the connection to water molecules in a glass — there may be many of them, but not all have enough kinetic energy to ascend beyond their liquid state. The majority are doomed to sit tight and get consumed by a thirsty guy with little regard for subtle temperature changes.


With this in mind, let’s take a look at which digital health trends seem poised to break out in 2015, and which may be fated to stay cold in the glass. As you read, keep in mind that this assessment is filtered through my perspective of science, medicine, and innovation. In other words, a “cold” idea could still be hot in other ways.

Collaboration is hot, silos are not. Empowerment for patients and consumers is at the heart of digital health. As a result, the role of the doctor will shift from control to collaboration. The good news for physicians is that the new and evolved clinician role that emerges will be hot as heck. The same applies to the nature of innovation in digital health and pharma. The lone wolf is doomed to fail, and eclectic thinking from mixed and varied sources will be the basis for innovation and superior care.

Scanners are hot, trackers are not. Yes, the tricorder will help redefine the hand-held tool for care. From ultrasound to spectrometry, the rapid and comprehensive assimilation of data will create a new “tool of trade” that will change the way people think about diagnosis and treatment. Trackers are yesterday’s news stories (and they’ll continue to be written) but scanners are tomorrow headlines.

Rapid and bold innovation is hot, slow and cautious approaches are not. Innovators are often found in basements and garages where they tinker with the brilliance of what might be possible. Traditionally, pharmaceutical companies have worked off of a different model, one that offers access and validation with less of the freewheeling spirit that thrives in places like Silicon Valley. Looking ahead, these two styles need to come together. The result, I predict, will be a digital health collaboration in which varied and conflicting voices build a new health reality.

Tiny is hot, small is not. Nanotechnology is a game-changer in digital health. Nanobots, among other micro-innovations, can now be used to continuously survey our bodies to detect (and even treat) disease. The profound ability for this technology to impact care will drive patients to a new generation of wearables (scanners) that will offer more of a clinical imperative to keep using them.

Early is hot, on-time is not. Tomorrow’s technology will fuel both rapid detection and the notion of “stage zero disease.” Health care is no longer about the early recognition of overt signs and symptoms, but rather about microscopic markers that may preempt disease at the very earliest cellular and biochemical stages.

Genomics are hot, empirics are not. Specificity — from genomics to antimicrobial therapy — will help improve outcomes and drive costs down. Therapy will be guided less and less by statistical means and population-based data and more and more by individualized insights and agents.

AI is hot, data is not. Data, data, data. The tsunami of information has often done more to paralyze us than provide solutions to big and complex problems. From wearables to genomics, that part isn’t slowing down, so to help us manage it, we’ll increasingly rely on artificial intelligence systems. Keeping in mind some of the inherent problems with artificial intelligence, perhaps the solution is less about AI in the purest sense and more around IA — intelligence augmented. Either way, it’s inevitable and essential.

Cybersecurity is hot, passwords are not. As intimate and specific data sets increasingly define our reality, protection becomes an inexorable part of the equation. Biometric and other more personalized and protected solutions can offer something that passwords just can’t.

Staying connected is hot, one-time consults are not. Medicine at a distance will empower patients, caregivers, and clinicians to provide outstanding care and will create significant cost reductions. Telemedicine and other online engagement tools will emerge as a tool for everything from peer-to-peer consultation in the ICU to first-line interventions.

In-home care is hot, hospital stays are not. “Get home and stay home” has always been the driving care plan for the hospitalized patient. Today’s technology will help provide real-time and proactive patient management that can put hospital-quality monitoring and analytics right in the home. Connectivity among stakeholders (family, EMS, and care providers) offers both practical and effective solutions to care.

Cost is hot, deductibles are not. Cost will be part of the “innovation equation” that will be a critical driver for market penetration. Payers will drive trial (if not adoption) by simply nodding yes for reimbursement. And as patients are forced to manage higher insurance deductibles, options to help drive down costs will compete more and more with efficacy and novelty.

Putting it all together: What it will take to break away in 2015?

Beyond speed lies velocity, a vector that has both magnitude and direction. Smart innovators realize that their work must be driven by a range of issues from compatibility to communications. Only then can they harness the speed and establish a market trajectory that moves a great idea in the right direction. Simply put, a great idea that doesn’t get noticed by the right audience at the right time is a bit like winking to someone in the dark. You know what you’re doing, but no one else does.


more...
No comment yet.