Medical devices: Many benefits

Medical devices: Many benefits, but many insecurities

Medical devices: Many benefits, but many insecurities

In the world of medical device security, success comes down to having the capability to fail gracefully.

This is not as oxymoronic as it might seem, Kevin Fu told an audience at the Security of Things Forum in Cambridge, Mass., on Thursday. What is more important than bulletproof security, he said, is the ability to contain or “localize” breaches or infections so they don’t disrupt the continuity of operations.

Fu, CEO and cofounder of Virta Laboratories. whose opening keynote was titled, “Your Fly is Down: Managing Medical Device Security Risk,” was just one of multiple experts who said the security of those devices could be drastically improved just by practicing basic security hygiene.

But even without that, the reality in the medical field is different from that of most other sectors of the Internet of Things (IoT): The risks of vulnerabilities in connected medical devices are frequently outweighed by the benefits offered to patients by those devices.

Read Also:
The first lines of defence against data theft

Just one example, he said, is pacemakers, which used to require the use of a needle to adjust or maintain them. “That created an infection risk, which in some cases was fatal,” he said, “so there are great benefits to wireless devices because they increase the sterile field.”

[ ALSO: SOURCE Boston: Medical devices still vulnerable, but things may be changing ]

In general, he said, “patients prescribed an implant are far safer with those devices than without, even though we have found major security problems with them.”

This, he said, is not to imply that improving security is unimportant. He said a major risk to health care organizations, which has exploded in the past year, is ransomware, which in general is not aimed at specific devices, but the entire operation.

“That can result in shutting down operations, and disrupting the clinical workflow,” he said.

But when it comes to individual medical devices, he and others said the majority of flaws fall into the “low-hanging fruit” category – they could be addressed with the digital version of zipping up your fly.

Read Also:
EU Data Protection

Part of the problem, which has been widely reported, is that the industry is still early in the transition to connected devices. Many are legacy systems or devices, designed without any expectation that they would be connected, and therefore without any security built in.

Dr. Julian Goldman, a physician at Massachusetts General Hospital, made that point during a panel discussion following Fu’s keynote titled, “Securing Connected Health Devices and Networks.”

He said a major obstacle to security is, ”the age of the equipment – a lot of it is 10 or 15 years old. The developers may have left the company.

 



Data Science Congress 2017

5
Jun
2017
Data Science Congress 2017

20% off with code 7wdata_DSC2017

Read Also:
Data security and mobile devices: How to make it work

AI Paris

6
Jun
2017
AI Paris

20% off with code AIP17-7WDATA-20

Read Also:
How data breaches are discovered

Chief Data Officer Summit San Francisco

7
Jun
2017
Chief Data Officer Summit San Francisco

$200 off with code DATA200

Read Also:
Five Things So-Called “Business Intelligence” Vendors Don’t Talk About
Read Also:
If You Want to Stop Big Data Breaches, Start With Databases

Customer Analytics Innovation Summit Chicago

7
Jun
2017
Customer Analytics Innovation Summit Chicago

$200 off with code DATA200

Read Also:
Smart Cities Are Going to Be a Security Nightmare

HR & Workforce Analytics Innovation Summit 2017 London

12
Jun
2017
HR & Workforce Analytics Innovation Summit 2017 London

$200 off with code DATA200

Read Also:
Location Tracking Growing Up, Brands Looking Beyond Beacons

Leave a Reply

Your email address will not be published. Required fields are marked *