Addressing Cybersecurity in Infusion Devices

Similar documents
Medical Device Cybersecurity: FDA Perspective

National Cyber Security Operations Center (N-CSOC) Stakeholders' Conference

Medical Devices Cybersecurity? Introduction to the Cybersecurity Landscape in Healthcare

Cyber Security Program

TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION

Cybersecurity and Hospitals: A Board Perspective

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

Meaningful Use or Meltdown: Is Your Electronic Health Record System Secure?

WHITEPAPER HEALTHCARE S KEY TO DEFEATING CYBERATTACKS

One Hospital s Cybersecurity Journey

Cybersmart Buildings: Securing Your Investments in Connectivity and Automation

ANATOMY OF AN ATTACK!

HIPAA Regulatory Compliance

Securing the Internet of Things (IoT) at the U.S. Department of Veterans Affairs

Security Fundamentals for your Privileged Account Security Deployment

Addressing the elephant in the operating room: a look at medical device security programs

FDA & Medical Device Cybersecurity

Medical Devices and Cyber Issues JANUARY 23, American Hospital Association and BDO USA, LLP. All rights reserved.

Security

POSTMARKET MANAGEMENT OF CYBERSECURITY IN MEDICAL DEVICES FINAL GUIDANCE MARCH 29, TH ANNUAL MEDICAL DEVICE QUALITY CONGRESS

Security and Privacy Governance Program Guidelines

Completing your AWS Cloud SECURING YOUR AMAZON WEB SERVICES ENVIRONMENT

Choosing the right two-factor authentication solution for healthcare

10 FOCUS AREAS FOR BREACH PREVENTION

SECURITY & PRIVACY DOCUMENTATION

MEDICAL DEVICE SECURITY. A Focus on Patient Safety February, 2018

HIPAA Security and Privacy Policies & Procedures

CYBERSMART BUILDINGS. Securing Your Investments in Connectivity and Automation

Clinical Segmentation done right with Avaya SDN Fx for Healthcare

Cyber Risk and Networked Medical Devices

Keys to a more secure data environment

Your Challenge. Our Priority.

A Government Health Agency Trusts Tenable to Protect Patient Data and Manage Expanding Attack Surface

TIPS FOR FORGING A BETTER WORKING RELATIONSHIP BETWEEN COUNSEL AND IT TO IMPROVE CYBER-RESPONSE

Medigate and Palo Alto Networks Integration

Medical Device Vulnerability Management

DOD Medical Device Cybersecurity Considerations

Compliant. Secure. Dependable.

Information Governance, the Next Evolution of Privacy and Security

HEALTH CARE AND CYBER SECURITY:

IPM Secure Hardening Guidelines

How to Underpin Security Transformation With Complete Visibility of Your Attack Surface

Zero Trust on the Endpoint. Extending the Zero Trust Model from Network to Endpoint with Advanced Endpoint Protection

CYBERSECURITY IN THE POST ACUTE ARENA AGENDA

AN IPSWITCH WHITEPAPER. The Definitive Guide to Secure FTP

Reducing Operational Costs and Combating Ransomware with McAfee SIEM and Integrated Security

Internet of Medical Things (IoMT)

SECURING DEVICES IN THE INTERNET OF THINGS

NIST Cybersecurity Framework Protect / Maintenance and Protective Technology

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Data Theft

MANAGING CYBER RISKS ACROSS THE SOFTWARE SUPPLY CHAIN

Attackers Process. Compromise the Root of the Domain Network: Active Directory

JUST WHAT THE DOCTOR ORDERED: A SOLUTION FOR SMARTER THERAPEUTIC DEVICES PLACEHOLDER IMAGE INNOVATORS START HERE.

Achieving End-to-End Security in the Internet of Things (IoT)

MEDICAL DEVICE CYBERSECURITY: FDA APPROACH

AZURE CLOUD SECURITY GUIDE: 6 BEST PRACTICES. To Secure Azure and Hybrid Cloud Environments

SECURITY PLATFORM FOR HEALTHCARE PROVIDERS

SECURING DEVICES IN THE INTERNET OF THINGS

Putting security first for critical online brand assets. cscdigitalbrand.services

PULSE TAKING THE PHYSICIAN S

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

ARC VIEW. Critical Industries Need Continuous ICS Security Monitoring. Keywords. Summary. By Sid Snitkin

Cloud Communications for Healthcare

Methods for Reducing Cybersecurity Vulnerabilities of Power Substations Using Multi-Vendor Smart Devices in a Smart Grid Environment

Securing Devices in the Internet of Things

The security challenge in a mobile world

THREAT REPORT Medical Devices

CyberFence Protection for DNP3

Recommendations for Device Provisioning Security

HEALTHCARE IT NETWORK SURVEY REPORT

Mapping BeyondTrust Solutions to

Incident Response Table Tops

TECHNICAL AND ORGANIZATIONAL DATA SECURITY MEASURES

CyberArk Privileged Threat Analytics

CYBERSECURITY FOR STARTUPS AND SMALL BUSINESSES OVERVIEW OF CYBERSECURITY FRAMEWORKS

Layer Security White Paper

Executive Insights. Protecting data, securing systems

Forging a Stronger Approach for the Cybersecurity Challenge. Session 34, February 12, 2019 Tom Stafford, VP & CIO, Halifax Health

Evaluating and Improving Cybersecurity Capabilities of the Electricity Critical Infrastructure

2018 GLOBAL CHANNEL PARTNER SURVEY THYCOTIC CHANNEL PARTNER SURVEY REPORT

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

SHA-1 to SHA-2. Migration Guide

CHIEF INFORMATION OFFICER

Ο ρόλος της τεχνολογίας στο ταξίδι της συμμόρφωσης με τον Γενικό Κανονισμό. Αντιγόνη Παπανικολάου & Νίκος Αναστόπουλος

National Institute of Standards and Technology

Critical Infrastructure Protection for the Energy Industries. Building Identity Into the Network

OA Cyber Security Plan FY 2018 (Abridged)

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Unauthorized Access

Illinois Cyber Navigator Program

Control Systems Cyber Security Awareness

Cybersecurity Survey Results

Security Overview of the BGI Online Platform

Xerox FreeFlow Print Server. Security White Paper. Secure solutions. for you and your customers

Securing Industrial Control Systems

Suzanne B. Schwartz, MD, MBA Director Emergency Preparedness/Operations & Medical Countermeasures (EMCM Program) CDRH/FDA

The Next Frontier in Medical Device Security

CloudSOC and Security.cloud for Microsoft Office 365

Panelists. Moderator: Dr. John H. Saunders, MITRE Corporation

Crash course in Azure Active Directory

Transcription:

Addressing Cybersecurity in Infusion Devices Authored by GEORGE W. GRAY Chief Technology Officer / Vice President of Research & Development Ivenix, Inc.

INTRODUCTION Cybersecurity has become an increasing concern in the medical device arena. As medical devices become more connected, they are more vulnerable to hackers who may wish to compromise or control that device, or even use it as an entry point to more broadly attack the healthcare network. These concerns are getting increasing attention in the media, the FDA, and within the U.S. federal government. For example, in 2014, the Department of Homeland Security (DHS) began investigating 24 cases of suspected cyber security flaws in medical devices and hospital equipment. This included a review by DHS s Industrial Control Systems Cyber Emergency Response Team (ICS- CERT) of security flaws reported in existing infusion pumps and backend infusion management systems. These investigations revealed security vulnerabilities that, in some cases, allowed the devices to be reprogrammed through a cyber-attack 1. In May 2015, TrapX Security 2, a cybersecurity research firm, published a report entitled Anatomy of an Attack MEDJACK (Medical Device Hijack) 3. The study begins by stating, Medical Devices have become the key pivot point for attackers within healthcare networks. They are visible points of vulnerability in the healthcare enterprise and the hardest area to remediate even when attacker compromise is identified. These persistent cyberattacks threaten overall hospital operations and the security of patient data. In October of 2014, the FDA issued guidance for medical device manufacturers entitled Content of Premarket Submissions for Management of Cybersecurity in Medical Devices 4. In this document the FDA states, Manufacturers should address cybersecurity during the design and development of the medical device, as this can result in more robust and efficient mitigation of patient risk. Though the FDA is focused on what key mitigations are needed to better defend against cyber-attacks, most devices have legacy architectures that are difficult to retrofit with the appropriate cybersecurity controls. To make matters worse, most medical devices are difficult to update and often need to be taken out of service to perform even minor security updates. For a fleet of 500-1000 of infusion pumps, the logistics of performing regular security updates is not only expensive but can be logistically difficult as well. Cybersecurity is a moving target, and as stated by the FDA, requires that medical device manufacturers and health care facilities need to take steps to assure that appropriate safeguards are in place to reduce the risk of failure due to cybersecurity threats. This begins with the development of medical devices that can anticipate these threats and provide a multi-tiered approach to responding to them. 2

First and foremost, medical devices need to create a wall between the core operations of the device and those components that provide network access to and from the outside world. To the extent possible, devices should be designed such that they both physically and logically isolate the operation of the device from those software components most vulnerable to cyber-attacks. Creating a level of indirection from the outside world is also valuable. Ideally, any medical device that communicates on the hospital network should utilize a built-in firewall to help block unwanted traffic and help prevent such things as denial of service attacks. The desire for more intelligence and better communications at the bedside has driven the need to leverage the capabilities of existing operating systems. However, this should not drive the design of the device s core components that may operate more efficiently and be less vulnerable to attacks, if developed to run on a separate processor without an operating system at all. Regardless of the architectural decisions made, devices, such as infusion pumps, should never allow a cyber-attacker to change the rate, dose or any other programmed setting or, in any other way, interrupt the therapy being delivered. Requiring confirmation through the device s user interface of programming changes is one way to reduce this risk. Another is to control the way in which the device exchanges information with the outside world. Because threats often occur when vulnerabilities are compromised on other systems in the healthcare enterprise, it is important to try to maintain control over all direct communications with medical devices. For example, if an EMR is allowed to directly control the operation of an infusion device, that device may become vulnerable to attacks if the EMR system and the interface to the pump are compromised. Though tight integration with the EMR is a necessary feature of any infusion management solution, it should never be done in a way that could compromise the operation of the pump. 3

Ideally, medical devices should initiate all communication and do so through a secure session with a known, authenticated client. With this approach, the session, communication protocol, and information exchange is controlled within the domain of the vendor s solution. In cases where communication to outside systems such as the EMR is required, it should be performed through a proxy, such as interface servers. In addition to providing a level of indirection, these servers can be configured to utilize specific communication ports, adhere to safer communication protocols, and leverage the latest enterprise threat management solutions. In order to leverage mainstream IT security solutions, medical devices should leverage leading edge mechanisms for establishing secure communications, ensuring data integrity, and encrypting data. For example, secure communication protocols such as TLS/SSL, which is used to secure HTTPS, could be utilized to facilitate communications between the device and its proxy server. Cryptographic hash functions, such as SHA-2, could be used to ensure the integrity of data passed to and from the device. And digital signatures could be used to ensure that content, such as a software update, is coming from a trusted source. In order to prevent the eavesdropping of messages, medical devices should avoid sending plain text over the network. In order to avoid this, encryption should be utilized at multiple levels. For Wi-Fi connected devices, secure, encrypted communication such as WPA2/AES should be employed. TLS/SSL could be used to further encrypt the transmitted data and provide strong authentication between the medical device and its proxy server. And application level encryption of user passwords and patient identifying information should also be utilized. To a certain extent, it is understandable why the medical device industry has been slow to adopt common IT mitigations against cyber-attacks. Redesigning these legacy products requires significant changes to their underlying architecture, extensive testing and resubmittals to the FDA. However, even these legacy devices must begin to address some of the more basic vulnerabilities facing the healthcare industry today. For example, hardcoded passwords are very common in medical devices, making them more vulnerable to attacks. For at least one device, this simple vulnerability was highlighted in a recent recall. It is not uncommon for hardcoded passwords to be shared amongst care providers and thus known by employees who have since left the institution. To address this, vendors must move away from hardcoded passwords and allow institutions to utilize the same strict user management policies used throughout the enterprise on the devices as well. At a minimum, vendors should provide hospitals with a way to set passwords and user permissions on medical devices and do so in a way that can be centrally managed. Ideally, these tools should integrate with existing infrastructure, such as Active Directory, allowing institutions to 4

manage device access in the same way they manage all other access to their healthcare enterprise. Devices must be designed with the expectation that they will be attacked. In anticipation of this, vendors should provide hospitals with the ability to monitor for such conditions and to apply new security patches seamlessly when a breach is identified. In addition to detecting the attacks themselves, devices should log the occurrence of such attacks and be able to communicate this information to a central monitoring service. REFERENCES 1. Infusion pump and infusion management system vulnerabilities are listed on the ICS-CERT website at https://ics-cert.us-cert.gov 2. The TrapX Security website is located at http://trapx.com/ 3. This report can be found at http://deceive.trapx.com/ AOAMEDJACK_210_Landing_Page.html 4. FDA guidance on cybersecurity for medical devices issued October 2, 2014 In order to streamline the delivery of security updates, vendors must first tailor their internal processes to be able to quickly respond to new threats. They should also build devices that are capable of downloading software updates over the network and applying those updates with minimal effort. Finally, vendors should provide solutions that enable software updates to be coordinated centrally and in a way that minimally impacts the care of patients. At Ivenix, we imagine our devices someday operating in a world where patient care extends unencumbered by the four walls of the hospital. We imagine an increasing need for remote care and monitoring, and for devices that can move seamlessly from the hospital, to lower acuity settings, and into the home. We imagine the need for devices that will continue to operate with centralized care systems regardless of their location, exchanging information, and providing users with the information that help guide clinical decisions. Because we ve imagined this world, we are designing an infusion device and management system that is cyber-secured and ready for healthcare in the 21st century. Ivenix, Inc. 50 High Street, Suite 50 North Andover, MA 01845 1-978-792-5000, www.ivenix.com 5

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback