
Medical Device Security At A Crossroads

Posted on April 28, 2016 | Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

As anyone reading this knows, connected medical devices are vulnerable to attacks from outside malware. Security researchers have been warning healthcare IT leaders for years that network-connected medical devices had poor security in place, ranging from image repository backups with no passwords to CT scanners with easily-changed configuration files, but far too many problems haven’t been addressed.

So why haven’t providers addressed the security problems? It may be because neither medical device manufacturers nor hospitals are set up to address these issues. “The reality is both sides — providers and manufacturers — do not understand how much the other side does not know,” said John Gomez, CEO of cybersecurity firm Sensato. “When I talk with manufacturers, they understand the need to do something, but they have never had to deal with cyber security before. It’s not a part of their DNA. And on the hospital side, they’re realizing that they’ve never had to lock these things down. In fact, medical devices have not even been part of the IT group and hospitals.”

Gomez, who spoke with Healthcare IT News, runs one of two companies backing a new initiative dedicated to securing medical devices and health organizations. (The other coordinating company is healthcare security firm Divurgent.)

Together, the two have launched the Medical Device Cybersecurity Task Force, which brings together a grab bag of industry players including hospitals, hospital technologists, medical device manufacturers, cyber security researchers and IT leaders. “We continually get asked by clients with the best practices for securing medical devices,” Gomez told Healthcare IT News. “There is little guidance and a lot of misinformation.”

The task force includes 15 health systems and hospitals, including Children’s Hospital of Atlanta, Lehigh Valley Health Network, Beebe Healthcare and Intermountain, along with tech vendors Renovo Solutions, VMware Inc. and AirWatch.

I mention this initiative not because I think it’s huge news, but rather, as a reminder that the time to act on medical device vulnerabilities is more than nigh. There’s a reason why the Federal Trade Commission, and the HHS Office of Inspector General, along with the IEEE, have launched their own initiatives to help medical device manufacturers boost cybersecurity. I believe we’re at a crossroads; on one side lies renewed faith in medical devices, and on the other nothing less than patient privacy violations, harm and even death.

It’s good to hear that the Task Force plans to create a set of best practices for both healthcare providers and medical device makers which will help get their cybersecurity practices up to snuff. Another interesting effort they have underway is the creation of an app which will help healthcare providers evaluate medical devices, while feeding a database that members can access to study the market.

But reading about their efforts also hammered home to me how much ground we have to cover in securing medical devices. Well-intentioned, even relatively effective, grassroots efforts are good, but they’re only a drop in the bucket. What we need is nothing less than a continuous knowledge feed between medical device makers, hospitals, clinics and clinicians.

And why not start by taking the obvious step of integrating the medical device and IT departments to some degree? That seems like a no-brainer. But unfortunately, the rest of the work to be done will take a lot of thought.

Dell’s Healthcare IT Solutions

Posted on May 1, 2009 | Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I found this article which described a number of the offerings that Dell has offered to help Healthcare IT. I’m sure this could sound a lot like a sales pitch for Dell. It’s not intended to be a sales pitch for Dell. In fact, most of the solutions are being offered through Dell partners like Symantec, VMWare, Citrix, etc. I’d caution that you should look around since you can certainly find the exact same products from other sales channels than Dell. As always, it’s best to look around when purchasing any of the products described below.

What I did find interesting was all of the various types of packages that Dell and its partners are trying to offer to healthcare IT. My big question for you, is how can we ever keep up with all these cool technologies?

The following are snippets of the article linked above. I’ll add my commentary in italics below each section.

Dell Mobile Clinical Computing Solution

Among the new offerings announced is Dell Mobile Clinical Computing Solutions. This lets physicians access patients’ records from any terminal using smart cards and Symantec’s (Nasdaq: SYMC) Workspace Corporate product for single sign-on and secure authentication.

This capability is not entirely new, however. Sun Microsystems (Nasdaq: JAVA) has offered roaming capabilities using smart cards and single sign-on access through its Sun Ray technology, both in the U.S. and worldwide, for several years now. U.S. Sun Ray customers in the healthcare field include Denver Health, which provides healthcare for a quarter of all residents of Denver, Colo.

Smart Cards are interesting to talk about and interesting to see in action, but I just personally have never been fond of trying to manage smart cards. They’re expensive and prone to be lost. Can someone else make the case for them? I’d be interested to hear it.

On-Demand Desktop Streaming

Another element of Dell’s new lineup is On-Demand Desktop Streaming. This is for stationary environments where data management and security are critical. Virtual disk images will be streamed to desktops. This enhances security because users get a new, pristine image every time they boot up.

While Dell partners with VMware (NYSE: VMW), Microsoft (Nasdaq: MSFT) and Citrix (Nasdaq: CTXS) for virtualization, it’s likely that Citrix has been picked for this solution, as it is based on streaming images to the desktop.

On demand desktop streaming is a really cool concept. I think that in the next 2 years, the thin client on the desktop will become a major reality. Of course, I think this really only applies to large scale implementations that can benefit from the savings of virtualization and thin clients. Small offices will still be buying the regular old desktops. I don’t know what Dell will do, but I see VMWare becoming the dominant player in this space and Citrix losing some of its hold.

Virtual Remote Desktop

Virtual Remote Desktop offers centralized control and management of end-user devices while enabling personalized end-user desktops, access from any device — whether within or outside the corporate firewall — and session mobility, where a single desktop session can follow the user from one device to another.

The solution was developed in collaboration with Citrix. It consists of Citrix XenServer Dell Edition; Citrix Desktop Delivery Controller; Citrix Secure Gateway; and Citrix Provisioning Server.

This sounds like the idea of taking the desktop to your mobile phone. The mobile phone is getting there now with 3G speeds. I’d like to see this work. I’m afraid it’s still not going to be as nice as using a desktop.

Dell, Perot and the Cloud

In addition to Mobile Clinical Computing, Dell is teaming up with Perot Systems to provide virtualized desktop, storage, server and electronic health records on-premise, hosted off-site or in secure private clouds.

Perot also works with other major vendors in healthcare IT, such as IBM (NYSE: IBM), HP (NYSE: HPQ) and Sun. “We’re vendor-agnostic,” Moss said. “We work with whatever’s best for the client.”

I don’t know anything about Perot systems, but it sounds interesting. I might have to learn more. Anyone else ever used Perot systems before that can tell me what it’s like?