I don't understand why many of the same practices found in the financial sector and other high-security networks would not apply here.
For devices that have an actuation directly affecting the patient, put them on a separate VLAN (like you do phones) and encrypt the communications channel. Most of these devices do not use a standard OS or the OS is baked in so viruses are less a concern here anyway.
For computers used by clinicians, enforce updates via group policy.
For machines that handle the electronic medical records, remove all drives and ports (including USB) not only to protect from viruses (as mentioned in the article) but to protect patient data from being stolen.
I know this is rather simplistic, but its a start. And while we're at it, can we mandate that medical devices be shielded so cell phones wont negatively impact them? I'd hate for my cell phone to cause grandma's respirator to pump to the beat of my ringtone.
Discussion on:
View:
Show:
The big disconnect, and Denis was all over me to make sure of this, is that there is confusion between what the FDA wants and what the manufacturers think the FDA wants. I hope I have that right. What ever it is, devices and computers are not getting updated and are vulnerable.
More not fully researched alarmist reporting of what is a perfectly safe industry who's sole aim to to look after people. 
Sorry but unfortunately that's not even close to being true. While most of the Medical Profession isn't interested in doing the wrong thing they also have built in problem with their structure.
In Hospitals the Consultant Surgeon is God and can do no wrong which is perfectly OK at one level as they are highly experienced in at least one field and very good at what they do generally speaking. The down side is that while they may be excellent at fitting devices to those who need them they are not expert at choosing which device to fit. That's not saying that they'll fit a Pacemaker to a person who requires a replacement hip though things like that can and do happen they are however the exception.
Recently a good example of this where shown with Hip Replacement products which though highly technical do not rely on Technology for their function while in place and being used. The Metal to Metal Hip Joint was a perfect example of this it was passed and then each surgeon got to chose who made and supplied the Hip Replacements that they chose to fit. Some of the Metal to Metal Varieties contaminated the recipients where as others worked as designed without problems.
Often because something is new there is a mistaken belief that it's better and conversely some surgeons believe that any new product should be avoided and you should stick with the tried and true. When it comes to the WiFi used in Hospitals and the actual devices that are used to administer and monitor as well as wearable devices the entire process gets way more complex that a mere mortal can ever comprehend.
However the main problem is the staff themselves. They simply believe that the Surgeons can do no wrong and know it all so they can not be questioned and heaven help you if you make the mistake of showing up the Surgeon as the remainder of the staff will treat you like the plague to educate you to the error of your ways.
Hospital Medical WiFi could very well be a great example of what Domestic IoT will end up looking like. So instead of what was once a relatively secure domestic Network that was all wired we will end up with a Hodge Podge of things trying to communicate and do whatever it is that they where put in place for.
Maybe the way to look at this is the Hospitals are how our homes will end up being. Or maybe a Massive development in Domestic WiFi Security on the IoT will help improve the current Medical WiFi Networks. You can hope for the second while believing the first will be the actual end point.
Col
Sorry but unfortunately that's not even close to being true. While most of the Medical Profession isn't interested in doing the wrong thing they also have built in problem with their structure.
In Hospitals the Consultant Surgeon is God and can do no wrong which is perfectly OK at one level as they are highly experienced in at least one field and very good at what they do generally speaking. The down side is that while they may be excellent at fitting devices to those who need them they are not expert at choosing which device to fit. That's not saying that they'll fit a Pacemaker to a person who requires a replacement hip though things like that can and do happen they are however the exception.
Recently a good example of this where shown with Hip Replacement products which though highly technical do not rely on Technology for their function while in place and being used. The Metal to Metal Hip Joint was a perfect example of this it was passed and then each surgeon got to chose who made and supplied the Hip Replacements that they chose to fit. Some of the Metal to Metal Varieties contaminated the recipients where as others worked as designed without problems.
Often because something is new there is a mistaken belief that it's better and conversely some surgeons believe that any new product should be avoided and you should stick with the tried and true. When it comes to the WiFi used in Hospitals and the actual devices that are used to administer and monitor as well as wearable devices the entire process gets way more complex that a mere mortal can ever comprehend.
However the main problem is the staff themselves. They simply believe that the Surgeons can do no wrong and know it all so they can not be questioned and heaven help you if you make the mistake of showing up the Surgeon as the remainder of the staff will treat you like the plague to educate you to the error of your ways.
Hospital Medical WiFi could very well be a great example of what Domestic IoT will end up looking like. So instead of what was once a relatively secure domestic Network that was all wired we will end up with a Hodge Podge of things trying to communicate and do whatever it is that they where put in place for.
Maybe the way to look at this is the Hospitals are how our homes will end up being. Or maybe a Massive development in Domestic WiFi Security on the IoT will help improve the current Medical WiFi Networks. You can hope for the second while believing the first will be the actual end point.
Col
I almost thought I messed up. Good one. Thanks for the comments. It certainly is a complex and confusing subject.
Though I have to admit that this one is a very complex topic that I can not see could be adequately covered in a place like this.
When I first worked Medical we used Paper for everything and even though we are more secure now as the chances of a Security breach are less likely when they do happen instead of just being the one persons File that can be got it's thousands so the breaches are far more intense when they do accrue.
Personally i can understand why they have WiFi Networks in Hospitals as it's far easier to set up Coronary Care Units without the need to pull lots of Cable so that patients can be easily monitored. Of course the down side is that it's also easy to break in and do what you like to those same devices.
What I have always found amusing is how members of the General Public are asked to turn off Mobile Devices as they may interfere with the Wireless Medical Devices but that same person can be sitting in a Examination Room with a Doctor who takes Phone Calls on their Mobile while in the process of talking to them.
Here there are 2 distinct problems you are facing the ease of rolling out new devices in any part of the Hospital at virtually no expense and Security of those Devices. Even if they follow Basic Security Measures used in other industries there still is no security as the Devices themselves where never designed to have this. They where conceived to be open and easily interfaced with for speed and better Patient Outcomes but because of their current Widespread use the potential for Adverse Medical Outcomes is far higher now days.
Then there is the Administration who asks why they should have Hard Wired Devices in use in the Hospitals when it's far cheaper and easy to use WiFi Devices which means that they are not as restricted when they have the need when something breaks out.
Talk about being between a Rock and a Hard Place. But I wish you Luck with this.
Col
When I first worked Medical we used Paper for everything and even though we are more secure now as the chances of a Security breach are less likely when they do happen instead of just being the one persons File that can be got it's thousands so the breaches are far more intense when they do accrue.
Personally i can understand why they have WiFi Networks in Hospitals as it's far easier to set up Coronary Care Units without the need to pull lots of Cable so that patients can be easily monitored. Of course the down side is that it's also easy to break in and do what you like to those same devices.
What I have always found amusing is how members of the General Public are asked to turn off Mobile Devices as they may interfere with the Wireless Medical Devices but that same person can be sitting in a Examination Room with a Doctor who takes Phone Calls on their Mobile while in the process of talking to them.
Here there are 2 distinct problems you are facing the ease of rolling out new devices in any part of the Hospital at virtually no expense and Security of those Devices. Even if they follow Basic Security Measures used in other industries there still is no security as the Devices themselves where never designed to have this. They where conceived to be open and easily interfaced with for speed and better Patient Outcomes but because of their current Widespread use the potential for Adverse Medical Outcomes is far higher now days.
Then there is the Administration who asks why they should have Hard Wired Devices in use in the Hospitals when it's far cheaper and easy to use WiFi Devices which means that they are not as restricted when they have the need when something breaks out.
Talk about being between a Rock and a Hard Place. But I wish you Luck with this.
Col
I had one of the Wi-Fi monitors on me at all times for four of the five days I was in the hospital for my bypass surgery. Then they used a similar device when I went to therapy to monitor me while on the treadmill.
With or without security, they all have a wireless protocol and I'm sure there are more than a few people on software development teams who know everything they need to so one can be hacked..
I'm completely dependent on mine and it's a bit worrisome that someone could effectively 'turn it off' as they walk by. Many have a sleep mode allowing the changes to take effect so changes won't take effect until the culprit is long gone. That leaves a lot of opportunity to make a lot of people pretty much just fall over dead at bed time.
I'm completely dependent on mine and it's a bit worrisome that someone could effectively 'turn it off' as they walk by. Many have a sleep mode allowing the changes to take effect so changes won't take effect until the culprit is long gone. That leaves a lot of opportunity to make a lot of people pretty much just fall over dead at bed time.
- Keyboard Shortcuts:
- Prev
- Next
- Toggle
