Looming Large

by Stephen Noonoo 7/26/2010 6:27:00 AM

Once a problem squarely in the realm of IT, cyber attacks on medical devices—including viruses and information-stealing malware—are now a threat looming large enough to necessitate biomed intervention. As hackers get smarter about infiltrating health care networks, hospitals need to get more organized in how they deal with them.

While medical devices haven't been targeted specifically by hackers yet, they may become corrupted or damaged just the same if a hospital's network is breached, according to Axel Wirth, national health care solutions architect with computer security company Symantec Corp, out of Mountain View, Calif.

"Medical devices tend to be a weak spot" in a hospital's network, he says. This is especially true of older equipment. Since device configuration lies in the hands of the manufacturer in the US, biomeds need to cement a good working relationship with their vendors to make sure equipment is properly patched and up to date. Hospitals with several of the same older device are especially vulnerable. If networked, all devices could be affected during an attack.

24x7 will be focusing more on the growing threat of cyber attacks in an upcoming Focus On article, but first we want to hear what you've seen and heard at your facility. Have you spoken to your IT department? What's the best way to approach this subject? Also feel free to share any tips for working with corrupted equipment.

Categories:
Tags: IT, medical devices, cyber attacks, working together
Actions: E-mail | Permalink | Comments (2) | Trackback

Power Is More Than Just Plugging Into an Outlet I’d like to welcome guest blogger Dara McLain, who is the EMC engineer, Program Manager Inte...Positive Influences, Mentoring, and Good Advice Did you watch the Grammy Awards last night? There are a lot of good things about these types of sh...Implementing Design Ideas Normal 0 0 1 289 1649 Allied Health/Ascend Media 13 3 2025 11.773 0 ...

Comments

Posted by vsarmiento, 7/27/2010 10:41:23 AM

Hospital in-house installations of networked medical equipment are configured and typically are isolated, not accessible from the outside world. Remote access capabilities of the computer based devices are disabled. Any software debugging and/or troubleshooting are done locally, accessible only within the confines of the hospital premises. These networked equipment are on their own local subnets which may or may not be linked to other local net or a wider net. If they are linked, it is normally done via a local one-way gateways and only to upload outputs needed by other local applications, as in EHR of the hospital. Clinical networks in general are not connected to any other non-clinical networked applications that are normally found in any business applications or environment.

I believe the only possible way the programming on these devices can be corrupted is, when the endusers or operators themselves will introduce the bugs /virus into the unit directly via the main consoles.

Posted by Mark Prell, 7/29/2010 4:47:07 AM

From my experience at three different hospital groups, the medical devices/systems are directly connected to the hospital networks.  Vendors require remote access and systems need HL7 feeds to/from the HIS.

The IT groups do not see the need for isolated or VLAN'd networks. In this environment, it is the Biomeds responsibility to secure the systems.  This includes MS patch management, antivirus software, password management, and disaster recovery.

Add comment

Name*
E-mail*
Website
b i u quote

Notify me when new comments are added

Looming Large

24x7 Blog

Recent posts

Archive

Authors

Categories

Tags