High Stakes: Medical Device Security and Patient Safety
Healthcare IT managers know that medical devices, such as infusion pumps, patient monitors, medical tablets and MRI scanners, can be just as susceptible to malware as standard computers. Keeping them secure in any networked environment is certainly challenging, but the stakes are particularly high for these particular applications since they can affect patient care and outcomes.
Proving this point, McAfee* and a medical equipment manufacturer recently raised awareness of security holes with potentially life or death consequences; they identified a networked insulin pump with a security flaw that allows the device to be hacked and subsequently administer a potentially lethal amount of insulin to diabetes patients. Although not typically the target of cyber attacks, medical equipment can become “collateral damage” in a malware outbreak, or even be the weak link that opens the door to a cyber attack. Since there isn't a single security solution capable of addressing all future risks, most would agree it's necessary to incorporate threat protection using a series of different defenses across the system.
Why insist on mainstream IT platforms
One of the challenges facing healthcare IT organizations is managing and securing a large variety of hardware and software systems. Further complicating matters, many equipment manufacturers develop unique security solutions, the result of designing purpose-built solutions based on non-standard or proprietary components. Consequently, it can be difficult to determine if these medical devices comply with today's security policies and will successfully satisfy future requirements through their expected life.