Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

Medical Device Security At A Crossroads

Posted on April 28, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

As anyone reading this knows, connected medical devices are vulnerable to attacks from outside malware. Security researchers have been warning healthcare IT leaders for years that network-connected medical devices had poor security in place, ranging from image repository backups with no passwords to CT scanners with easily-changed configuration files, but far too many problems haven’t been addressed.

So why haven’t providers addressed the security problems? It may be because neither medical device manufacturers nor hospitals are set up to address these issues. “The reality is both sides — providers and manufacturers — do not understand how much the other side does not know,” said John Gomez, CEO of cybersecurity firm Sensato. “When I talk with manufacturers, they understand the need to do something, but they have never had to deal with cyber security before. It’s not a part of their DNA. And on the hospital side, they’re realizing that they’ve never had to lock these things down. In fact, medical devices have not even been part of the IT group and hospitals.

Gomez, who spoke with Healthcare IT News, runs one of two companies backing a new initiative dedicated to securing medical devices and health organizations. (The other coordinating company is healthcare security firm Divurgent.)

Together, the two have launched the Medical Device Cybersecurity Task Force, which brings together a grab bag of industry players including hospitals, hospital technologists, medical device manufacturers, cyber security researchers and IT leaders. “We continually get asked by clients with the best practices for securing medical devices,” Gomez told Healthcare IT News. “There is little guidance and a lot of misinformation.“

The task force includes 15 health systems and hospitals, including Children’s Hospital of Atlanta, Lehigh Valley Health Network, Beebe Healthcare and Intermountain, along with tech vendors Renovo Solutions, VMware Inc. and AirWatch.

I mention this initiative not because I think it’s huge news, but rather, as a reminder that the time to act on medical device vulnerabilities is more than nigh. There’s a reason why the Federal Trade Commission, and the HHS Office of Inspector General, along with the IEEE, have launched their own initiatives to help medical device manufacturers boost cybersecurity. I believe we’re at a crossroads; on one side lies renewed faith in medical devices, and on the other nothing less than patient privacy violations, harm and even death.

It’s good to hear that the Task Force plans to create a set of best practices for both healthcare providers and medical device makers which will help get their cybersecurity practices up to snuff. Another interesting effort they have underway in the creation of an app which will help healthcare providers evaluate medical devices, while feeding a database that members can access to studying the market.

But reading about their efforts also hammered home to me how much ground we have to cover in securing medical devices. Well-intentioned, even relatively effective, grassroots efforts are good, but they’re only a drop in the bucket. What we need is nothing less than a continuous knowledge feed between medical device makers, hospitals, clinics and clinicians.

And why not start by taking the obvious step of integrating the medical device and IT departments to some degree? That seems like a no-brainer. But unfortunately, the rest of the work to be done will take a lot of thought.

Is The Microsoft Surface Perfect For Hospitals?

Posted on January 28, 2013 I Written By

Katie Clark is originally from Colorado and currently lives in Utah with her husband and son. She writes primarily for Smart Phone Health Care, but contributes to several Health Care Scene blogs, including EMR Thoughts, EMR and EHR, and EMR and HIPAA. She enjoys learning about Health IT and mHealth, and finding ways to improve her own health along the way.

It’s no secret that there are a few tablets that rule the tablet world. There’s the iPad, obviously, and then the Samsung Galaxy 2, and even the Google Nexus 7. And most of these tablets run with either the iOS or Android. Since many apps that physicians are probably using run with one of these two systems,

However, Microsoft’s attempt to jump into the tablet marketplace might just be a game-changer, and app developers may want to consider it. With the announcement that the Surface, the tablet created by Microsoft, will be shipping out with the new Windows 8 OS. And according to HIStalk Mobile, this might be the perfect tablet for hospitals. Here are a few of the reasons listed:

  • Microsoft is the first company to offer a tablet and laptop that have identical operating systems.  This will “reduce the learning curve, and thus the productivity loss, of a first-time tablet user.”
  • The Surface will be able to run Windows 8 Pro, which means it has the capability of running PC-based software without Citrix or VMware connection. This is the first tablet that can do this, so EMR software, barcode scanner drivers, and more can be used directly from the tablet.

I’ll admit, when my husband and I were looking at tablets a few weeks ago, we were very tempted by the Surface, but decided against it, mainly because of the lack of apps available. The article points out that this may not be the tablet “end-users would pick for themselves,” which I agree with. However, because of all the features, and its capability run EMR software, I think it’s definitely going to be a big competitor for physicians and hospitals to use. I’d love to see more apps for patients to be developed for it as well. I think that when that starts happening, Microsoft will really have secured a permanent spot in the tablet marketplace, especially for people wanting to use it for health-related purposes.

It will be interesting to see if it is as successful as anticipated with hospitals. I think for those that may not have gotten tablets because they are nervous about trying out the iOS or Android systems, it will be a tempting offering, especially if they already know and understand Microsoft.

Dell’s Healthcare IT Solutions

Posted on May 1, 2009 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I found this article which described a number of the offerings that Dell has offered to help Healthcare IT. I’m sure this could sound a lot like a sales pitch for Dell. It’s not intended to be a sales pitch for Dell. In fact, most of the solutions are being offered through Dell partners like Symantec, VMWare, Citrix, etc. I’d caution that you should look around since you can certainly find the exact same products from other sales channels than Dell. As always, it’s best to look around when purchasing any of the products described below.

What I did find interesting was all of the various types of packages that Dell and its partners are trying to offer to healthcare IT. My big question for you, is how can we ever keep up with all these cool technologies?

The following are snippets of the article linked above. I’ll add my commentary in italics below each section.

Dell Mobile Clinical Computing Solution

Among the new offerings announced is Dell Mobile Clinical Computing Solutions. This lets physicians access patients’ records from any terminal using smart cards and Symantec’s (Nasdaq: SYMC) Workspace Corporate product for single sign-on and secure authentication.

This capability is not entirely new, however. Sun Microsystems (Nasdaq: JAVA) has offered roaming capabilities using smart cards and single sign-on access through its Sun Ray technology, both in the U.S. and worldwide, for several years now. U.S. Sun Ray customers in the healthcare field include Denver Health, which provides healthcare for a quarter of all residents of Denver, Colo.

Smart Cards are interesting to talk about and interesting to see in action, but I just personally have never been fond of trying to manage smart cards. They’re expensive and prone to be lost. Can someone else make the case for them? I’d be interested to hear it.

On-Demand Desktop Streaming

Another element of Dell’s new lineup is On-Demand Desktop Streaming. This is for stationary environments where data management and security are critical. Virtual disk images will be streamed to desktops. This enhances security because users get a new, pristine image every time they boot up.

While Dell partners with VMware (NYSE: VMW), Microsoft (Nasdaq: MSFT) and Citrix (Nasdaq: CTXS) for virtualization, it’s likely that Citrix has been picked for this solution, as it is based on streaming images to the desktop.

On demand desktop streaming is a really cool concept. I think that in the next 2 years, the thin client on the desktop will become a major reality. Of course, I think this really only applies to large scale implementations that can benefit from the savings of virtualization and thin clients. Small offices will still be buying the regular old desktops. I don’t know what Dell will do, but I see VMWare becoming the dominate player in this space and Citrix losing some of its hold.

Virtual Remote Desktop

Virtual Remote Desktop offers centralized control and management of end-user devices while enabling personalized end-user desktops, access from any device — whether within our outside the corporate firewall — and session mobility, where a single desktop session can follow the user from one device to another.

The solution was developed in collaboration with Citrix. It consists of Citrix XenServer Dell Edition; Citrix Desktop Delivery Controller; Citrix Secure Gateway; and Citrix Provisioning Server.

This sounds like the idea of taking the desktop to your mobile phone. The mobile phone is getting there now with 3G speeds. I’d like to see this work. I’m afraid it’s still not going to be as nice as using a desktop.

Dell, Perot and the Cloud

In addition to Mobile Clinical Computing, Dell is teaming up with Perot Systems to provide virtualized desktop, storage, server and electronic health records on-premise, hosted off-site or in secure private clouds.

Perot also works with other major vendors in healthcare IT, such as IBM (NYSE: IBM) , HP (NYSE: HPQ) and Sun. “We’re vendor-agnostic,” Moss said. “We work with whatever’s best for the client.”

I don’t know anything about Perot systems, but it sounds interesting. I might have to learn more. Anyone else ever used Perot systems before that can tell me what it’s like?