A presentation by Tracy Rausch, CEO of DocBox and Chip Block of Evolver Inc. on medical device security & patient monitoring. Presented at The Security of Things Forum on Sept. 10, 2015.
2. THREE TYPES OF DEVICES
• Devices with software on a general computing platform (Spirometers, Sleep Study, Devices as Software)
• Stationary devices on a proprietary platform (MRI, CT, X-Ray)
• Medical devices with embedded software (Infusion Pumps, Ventilators, Multiparameter Monitors)
7. WHY IS DEVICE SECURITY DIFFERENT?
Traditional Enterprise Cyber Security:
• Highly dynamic functionality
• Continuous software, information and communication changes
• User/computer centric
• Security systems are primarily network/perimeter focused
Medical Device Cyber Security:
• Highly static functionality
• Legacy, seldom changing software code
• Patient centric
• Security paradigm still being developed
8. ENTERPRISE CYBER SECURITY
[Diagram: User/Machine (passwords) -> Server Authentication -> Data Access]
• Primary focus is on which user accessed which application to get which data
• Malware / anti-virus focuses on finding vulnerabilities that can be used for a widespread attack
• Major concern is large-scale infiltration and exploitation
• The possible outcomes of the attack are numerous, based on the devices on the network and the available data
• Reporting is on network device and user
The primary question is: what machines are affected and what data is at risk?
9. MEDICAL DEVICE SECURITY
[Diagram: Devices Impacted -> Patient Outcome]
• Primary focus is on which patients may be affected by the attack
• The outcomes are limited, as the device only does a limited number of functions
• Reporting is on which patients have been impacted, and on recovery
• Patient safety and security are interlinked
The primary question is: what is the impact on the patients?
10. MEDICAL DEVICE CYBER SECURITY APPROACH
• Leverage the unique characteristics of medical devices for security
  • Leverage the static nature of the device to gain greater security
  • Develop a patient-centric security operations approach
  • Support both existing device security and work with the FDA and other standards groups for increased security in new devices
  • Utilize the Integrated Clinical Environment (ICE) Architecture
11. WHAT IS "ICE"?
1. ICE = Integrated Clinical Environment
2. It is a vision that integration of medical and non-medical devices, data, and HIT in patient care environments can enable improvements in healthcare quality and safety that have been elusive until now
3. ICE is a published standard: ASTM F2761-09
4. ICE capabilities are being developed by academic and industry collaborators, seeded by substantial federal and private funding. See www.openice.info and mdpnp.org
5. ICE is a platform to enable the Medical Internet of Things
6. The ICE Alliance seeks to promote all of the above to deliver safe, secure, interoperable clinical environments
12. FUNCTIONAL ELEMENTS OF THE INTEGRATED CLINICAL ENVIRONMENT
ASTM standard F2761-2009, published January 2010
[Diagram of the ICE functional elements: Clinician and Patient; the Integrated Clinical Environment (ICE) containing the ICE Supervisor, Network Controller, Data Logger and External Interface; Medical Device and Other Equipment attached through an ICE Interface]
13. MEDICAL IOT ARCHITECTURE
[Diagram in three tiers: (1) Single Patient DB and App: medical devices MD 1, MD 2, MD 3 ... MD n connect over the ICE Data Bus to an ICE Manager, which serves ICE System Apps, a Clinical Documentation App and CDS App 1, 2, 3; (2) Multiple Patient DB: ICE Managers connect over the Coordinator Data Bus to an ICE Coordinator with a Data Warehouse, ICE System Apps, Clinical Documentation and CDS App a ... CDS App n; (3) Enterprise: interface to Hospital IT systems (EMR, ADT, Other) and Remote Monitoring. Legend: ICE System App, ICE Clinical App, Medical Device (MD), Hospital IT systems, Interface]
14. SCALABLE ARCHITECTURE
[Diagram: Apps serve 1...n patients; 1 patient per ICE, with 0...24 devices/sensors or therapeutic devices; ICE Coordinator with a Data Cluster (HADOOP), 1 Coordinator per 250 beds; Hospital ICE System Network across the hospital network, interfacing to EMR, LAB, Pharmacy, ADT and other systems; ICE Domain]
Hardware for the ICE Manager changes by environment.
15. TECHNOLOGY
• Repurposed technology for healthcare
  • DDS (standard communication protocol)
  • Mature standard
  • Used in military, Internet of Things, energy, public works
  • Platform to build clinical apps
  • Environmentally agnostic (change hardware to match intended use and environment)
16. SECURITY AND SAFETY
• Traditional security approaches for IT will not meet the unique needs of the clinical environment.
• Security is required for patient safety.
• Security can't impact patient safety or the functionality of medical devices.
• Implementation of security must be evaluated for patient safety risks.
17. ICE SECURITY ARCHITECTURE
[Diagram of the layered controls, numbered 1 to N from the Patient outward:
ICE Coordinator: Role-based Login; Firewall; Anti-Virus / Anti-Malware; Coordinator whitelists each Manager & External Systems
ICE Manager: Manager whitelists Coordinator; Role-based Login; Anti-Virus / Anti-Malware; Device Authentication
Coordinator Data Bus / ICE Data Bus / External Systems: Comm Interface (Driver); Communication "Process Whitelist"; Data-Level Security (DDS); Data-Level Transport Security (DDS)
Physical Security: Hospital Data Center
Medical Device (Legacy) and Medical Device (ICE Compliant, "Process Whitelist"); device-level controls: App Whitelist; Process Whitelist; Utilize Roles of Manager
Patient]
18. SECURITY AND PRIVACY
• Defense-in-layers approach for ICE components and devices
• Process whitelisting of devices and apps
• Unique login and password for clinicians
• Separate devices physically from the hospital network (but not data)
• Virus and malware protection on server and Coordinator; consider traditional medical devices similar to IoT sensors
• Implement DDS Security encryption and secure individual data points at the levels required (not a one-size solution for all data values or data paths)
• Blackbox recording of data at the bedside, similar to aviation
• Encrypt all communications with PHI; use the ICE patient session ID on devices, not PHI, on roaming devices
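A toy model of the whitelisting chain on slide 17 and the patient-centric reporting of slides 9, 18 and 23, added here as an illustration (not code from the presentation or from the OpenICE project); the class names, the IDs and the sample inventory are assumptions:

```python
from dataclasses import dataclass, field


@dataclass
class Manager:
    """One ICE Manager serves one patient and up to 24 devices (slide 14)."""
    manager_id: str
    session_id: str                       # ICE patient session ID, carries no PHI
    device_whitelist: set = field(default_factory=set)
    coordinator_whitelist: set = field(default_factory=set)

    def admit_device(self, device_id: str) -> bool:
        # Device authentication at the Manager: only whitelisted devices join the bus.
        return device_id in self.device_whitelist


@dataclass
class Coordinator:
    """One ICE Coordinator per ~250 beds (slide 14); whitelists each Manager."""
    coordinator_id: str
    manager_whitelist: set = field(default_factory=set)
    managers: dict = field(default_factory=dict)   # manager_id -> Manager

    def register_manager(self, m: Manager) -> bool:
        # Mutual whitelisting (slide 17): the Coordinator must list the Manager
        # and the Manager must list the Coordinator, or registration is refused.
        if m.manager_id not in self.manager_whitelist:
            return False
        if self.coordinator_id not in m.coordinator_whitelist:
            return False
        self.managers[m.manager_id] = m
        return True

    def impacted_sessions(self, flagged_devices) -> list:
        # Patient-centric reporting: map flagged devices to the patient sessions
        # that depend on them, not to hosts or data sets (slides 9 and 23).
        flagged = set(flagged_devices)
        return sorted(m.session_id for m in self.managers.values()
                      if m.device_whitelist & flagged)


def demo():
    # Constructed sample inventory; every ID below is made up for this example.
    coord = Coordinator("COORD-A", manager_whitelist={"MGR-101", "MGR-102"})
    m1 = Manager("MGR-101", "SESSION-7f3a", {"PUMP-07", "MON-12"}, {"COORD-A"})
    m2 = Manager("MGR-102", "SESSION-91c0", {"VENT-03"}, {"COORD-A"})
    rogue = Manager("MGR-999", "SESSION-0000", {"PUMP-99"}, {"COORD-A"})
    registered = [coord.register_manager(m) for m in (m1, m2, rogue)]
    admitted = (m1.admit_device("PUMP-07"), m1.admit_device("PUMP-99"))
    # An advisory names two pump IDs: report which patient sessions are affected.
    impacted = coord.impacted_sessions(["PUMP-07", "PUMP-99"])
    return registered, admitted, impacted
```

The unlisted Manager is refused by the Coordinator, the unknown pump is refused by the Manager, and the advisory is answered as a list of patient sessions rather than a list of machines.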
19. Note: The ICE Alliance is hosted by the IEEE-ISTO
The ICE Alliance is a non-profit program committed to establishing healthcare environments that are safe, secure, and interoperable.
www.icealliance.org
20. WHAT WILL THE ICE ALLIANCE DELIVER?
Many deliverables are already in progress through the MD PnP Program and collaborators:
• Medical and Health IT equipment procurement language for use by healthcare delivery organizations (MD FIRE, http://mdpnp.org/mdfire.php)
• Clinical Needs Assessment and Descriptions: by HDOs
• System Requirements Specifications: elaborated by the MD PnP program
• Use Case and Clinical Scenario Library: maintained by MD PnP
• ICE reference implementations, including safety and security requirements, and test tools: started by MD PnP, see http://www.openice.info
• Feedback to Standards Development Organizations (SDOs) to help standards conform to ICE requirements: currently performed by MD PnP
• Regulatory science analysis related to submission of interoperable medical devices and systems (FDA Pre-submission bit.ly/mdiswg), see http://mdpnp.org/MD_PnP_Program___MDISWG.html
• Elaboration of requirements for EMR inclusion of device data
21. MEMBERSHIP IN THE ICE ALLIANCE
• The IEEE-ISTO manages the IA
• Membership is free to individuals, non-profit organizations and federal agencies
• For-profit organizational membership ranges from $1000 to $10,000 annually
• Seed funding has been provided by HDOs, manufacturers, and medical societies. Contributions are welcome.
• Specific projects are funded separately from annual membership
• Questions may be directed to jmgoldman@partners.org
22. ICE ALLIANCE FOUNDING MEMBERS*
Note: not all pending members are shown
[Logos of Founding Members and Liaison Members]
*As of 7/25/15. Additional founding memberships in process.
23. CONCLUSION
• Turn the security monitoring question upside down: patient-focused, not device-focused, monitoring
• Leverage the unique features of devices to gain security
• Utilize the Integrated Clinical Environment architecture to gain security through separation of devices and network