Information Security Guide

Transcription

1 Broadband Kit Information Security Guide Broadband Kit ISO IS

2 Broadband Kit Information Security Guide CONTENTS 1. Introduction Target audience Overview of St. Jude Medical equipment Security Threats Network security Data protection Threat summary Clinical Considerations Physical protection of products and information Technology configurations Contact Us... 5 Broadband Kit Information Security 2

3 Information Security Guide Executive Summary This document provides an overview of Information Security controls implemented by St. Jude Medical to support the connectivity of its remote monitoring system as it communicates with its Merlin.net Patient Care Network (PCN). The St. Jude Medical Global Information Protection Assurance (GIPA) Department is responsible for the release, control and maintenance of this document. St. Jude Medical utilizes a holistic approach to protecting the confidentiality, integrity and availability of health information by addressing the risks to the entire information lifecycle, thereby providing high levels of security and compliance. Merlin.net PCN is the first medical device network to be awarded ISO/IEC 27001:2005 certification, a stringent worldwide information security standard. 1. Introduction The purpose of this document is to describe security controls implemented to address information security risks related to the St. Jude Medical broadband kit, which allows the Merlin@home transmitter to send data securely via a wireless network connection to the Merlin.net PCN. To accomplish this, the broadband kit must securely connect to the local networks. The content of this document describes the breadth and impact of implementing this technology. 1.1 Target audience This document was created for the benefit of IT and security personnel supporting physicians and clinical staff responsible for monitoring St. Jude Medical implanted pacemakers and defibrillators. This document will provide information about security controls relative to the connectivity and network reliability of the Merlin@home transmitter. 1.2 Overview of St. Jude Medical equipment St. Jude Medical is among a number of medical device manufacturers producing implantable pacemakers and defibrillators for cardiac care. These devices are specifically focused toward cardiac rhythm management. The implantable cardiac rhythm management devices from all manufacturers are managed by clinicians and physicians using two types of equipment: the in-clinic programmer and the smaller transmitter that can only interrogate devices. This document focuses on the transmitter. St. Jude Medical Merlin@home Transmitter and Merlin.net PCN St. Jude Medical provides a two-part remote care system: the Merlin@home transmitter collects diagnostics from implanted devices; and, the Merlin.net PCN stores and presents the data to patient care providers. The latter service, Merlin.net PCN, is a Web portal available to authenticated users. The Merlin@home transmitter is intended for the following: Remote daily monitoring Scheduled transmissions of information pertaining to patients disease status and device performance On-demand transmissions of information pertaining to patients disease status and device performance (MerlinOnDemand capability and MerlinOnDemand HF capability) used in a hospital or clinic setting, as opposed to in a patient s home Cellular Adapter With access to landlines diminishing and some patients choosing to forego a home phone in favor of a cellular one, the cellular adapter is increasingly becoming an important portable accessory. It can give both patient and physician the confidence of connectivity whether a landline is available or not. The cellular adapter also delivers superior performance transmitting data digitally rather than over traditional analog landlines. The cellular adapter connects the Merlin@home transmitter to the Merlin.net PCN via cellular networks. The below bulleted points describe the functionality of the cellular adapter: Automatically searches for and connects to the cellular network for use in areas where a landline is either unavailable or inconvenient Does not require any additional hardware and operates on the power supply of the Merlin@home transmitter Transmits data digitally on the 3G and GSM bands of the cellular network for exceptional global coverage and rapid data transfer Broadband Kit The St. Jude Medical broadband kit consists of a wireless router and wireless USB adapter. This kit allows Merlin@home transmitters to send data securely to the Merlin.net PCN from a home, hospital or other local area network connection. Broadband Kit Information Security 3

4 2. Security Threats Evaluated and Solutions Implemented by St. Jude Medical transmitters are used in a variety of environments, including clinic settings, home or office. This section explains mitigating controls implemented by St. Jude Medical to protect patient privacy, device integrity and customer network availability. 2.1 Network security The wireless router provided has been configured to disable all unnecessary services and change any default settings. A firewall has been enabled on the wireless router only to allow ports used for system administration. System administration requires authentication via a username and randomly generated password. The Merlin@home transmitter only establishes a network connection during required data transmissions. This connection is via SSL to the Merlin.net PCN. The Merlin@home transmitter is configured only to allow outbound connections for data transmission. All inbound services are disabled. Once the data transmission is completed, the network connection is terminated and a new connection is established as needed. 2.2 Data protection Patient data transferred over the Internet to the Merlin.net PCN are protected using Transport Layer Security (TLS) encryption of the channel; X509 certificates are unique for each device. Data residing on the Merlin@home transmitter are sent to the Merlin.net PCN. Only St. Jude Medical external media containing the company s signature in the boot record may be used to export the data. All other media are not recognized, and connections are not established for export. 2.3 Threat summary A summary of the threats, vulnerabilities and security measures analyzed and implemented by St. Jude Medical are listed in Table 1. Table 1: Summary of Threats, Vulnerabilities and Security Measures Vulnerability Attack Vector Security Measure Data Protection System Boot System access via a command prompt The maintenance boot is enabled only for St. Jude Medical managed media External Media System Disassembly Network Security Network Access SSL Certificates Patient Information Breach Boot from unknown external media and obtain access to internal storage Obtain access to data by removing it from the Merlin@home transmitter and attaching it to another computer System access via the network connection to obtain a shell prompt, escalation of privileges, or introduction of malware St. Jude Medical network breach using stolen certificates Analysis of network traffic Analysis of media used to export data Merlin@home transmitter will only boot from media that contains the company s signature in the boot record No local storage can be easily removed to access data Only outbound connections are established Outbound connections are closed after transmission No inbound services are enabled Each system has a unique centrally managed certificate Certificates may be revoked in the event of compromise SSL encryption of network traffic Merlin@home transmitter will only export to media that contains the St. Jude Medical signature in the boot record Broadband Kit Information Security 4

5 3. Clinic Considerations 3.1 Physical protection of products and information Protecting St. Jude Medical products and the data stored on them is the shared responsibility of clinics and St. Jude Medical. St. Jude Medical has implemented measures to address securing these systems, but it is up to the clinics using them to make sure they are kept physically safe. 3.2 Technology configurations The St. Jude Medical transmitter requires specific network configurations in order to properly communicate with back-end support infrastructure. This document lists the requirements needed for uninterrupted communication. Please note: Due to variations in customers networked environments, not all configurations will be needed for successful communications. The information provided herein should be used respective to each customer s network infrastructure. Firewall - Any firewall needs to be configured to whitelist (allow) all traffic from St. Jude Medical products outbound to St. Jude Medical external IP address range. St. Jude Medical systems use the following encrypted protocol and port: - TCP port 443 (SSL) St. Jude Medical external destination network: /24 (ARIN reference) Intrusion Detection/Prevention System Any network layer IDS/IPS (intrusion prevention/intrusion detection system) needs to be configured to whitelist all St. Jude Medical products internal IP addresses. Web Proxy Servers Any Web proxy configuration needs to whitelist all St. Jude Medical products internal IP addresses. SSL Proxy Due to tighter security configurations within St. Jude Medical products, SSL proxy servers would need to exempt them from packet inspection. Proxy Firewalls Any proxy firewall would need to allow IP traffic from all St. Jude Medical products internal IP addresses outbound to St. Jude Medical external IP address range. 4. Contact Us For questions regarding Merlin.net PCN or this white paper, please contact: Remote Care Technical Support (US): MyMerlin ( ) MyMerlin@sjm.com Device Monitoring (Non-US): Contact your local representative or (+46) Global Headquarters One St. Jude Medical Drive St. Paul, Minnesota Fax St. Jude Medical Cardiovascular & Ablation Technologies 5050 Nathan Lane North Plymouth, Minnesota Fax St. Jude Medical Implantable Electronic Systems Valley View Court Sylmar, California Fax U.S. Division 6300 Bee Cave Road Bldg. Two, Suite 100 Austin, TX Fax SJM Coordination Center BVBA The Corporate Village Da Vincilaan 11 Box F Zaventem, Belgium Fax St. Jude Medical Brasil Ltda. Rua Itapeva, 538 5º ao 8º andar São Paulo SP Brazil Fax St. Jude Medical (Hong Kong) Ltd. Suite 1608, 16/F Exchange Tower 33 Wang Chiu Road Kowloon Bay, Kowloon Hong Kong SAR Fax St. Jude Medical Australia Pty, Ltd. 17 Orion Road Lane Cove, NSW 2066 Australia Fax SJMprofessional.com Rx Only Brief Summary: Prior to using these devices, please review the Instructions for Use for a complete listing of indications, contraindications, warnings, precautions, potential adverse events and directions for use. Unless otherwise noted, indicates that the name is a trademark of, or licensed to, St. Jude Medical or one of its subsidiaries. ST. JUDE MEDICAL and the nine-squares symbol are trademarks and service marks of St. Jude Medical, Inc. and its related companies St. Jude Medical, Inc. All Rights Reserved. GMCRM1205EN