AUTHORED BY: George W. Gray CTO, VP Software & Information Systems Ivenix, Inc. ADDRESSING CYBERSECURITY IN INFUSION DEVICES



Similar documents
Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

How Reflection Software Facilitates PCI DSS Compliance

Industrial Security Solutions

Building A Secure Microsoft Exchange Continuity Appliance

Internet threats: steps to security for your small business

Topics in Network Security

APPENDIX G ASP/SaaS SECURITY ASSESSMENT CHECKLIST

Potential Targets - Field Devices

Achieving PCI Compliance Using F5 Products

Cyber Security for NERC CIP Version 5 Compliance

Protecting Your Organisation from Targeted Cyber Intrusion

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

Top Three POS System Vulnerabilities Identified to Promote Data Security Awareness

Specific recommendations

TASK TDSP Web Portal Project Cyber Security Standards Best Practices

Payment Card Industry (PCI) Data Security Standard

Secure by design: taking a strategic approach to cybersecurity

Security Issues with Integrated Smart Buildings

Seven Strategies to Defend ICSs

PCI Security Scan Procedures. Version 1.0 December 2004

N-Dimension Solutions Cyber Security for Utilities

The Payment Card Industry (PCI) Data Security Standards (DSS) v1.2 Requirements:

Cyber Security Implications of SIS Integration with Control Networks

Best Practices in ICS Security for System Operators. A Wurldtech White Paper

GE Measurement & Control. Cyber Security for NEI 08-09

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

Technical Proposition. Security

CYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES

U.S. Office of Personnel Management. Actions to Strengthen Cybersecurity and Protect Critical IT Systems

EEI Business Continuity. Threat Scenario Project (TSP) April 4, EEI Threat Scenario Project

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014

Security. CLOUD VIDEO CONFERENCING AND CALLING Whitepaper. October Page 1 of 9

I N T E L L I G E N C E A S S E S S M E N T

Medical Device Security: The Transition From Patient Privacy To Patient Safety. Scott Erven

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013

Basics of Internet Security

CPNI VIEWPOINT CONFIGURING AND MANAGING REMOTE ACCESS FOR INDUSTRIAL CONTROL SYSTEMS

GE Oil & Gas. Cyber Security for NERC CIP Versions 5 & 6 Compliance

Defense-in-Depth Strategies for Secure, Open Remote Access to Control System Networks

FDA Releases Final Cybersecurity Guidance for Medical Devices

IDENTITY & ACCESS. Privileged Identity Management. controlling access without compromising convenience

Bellevue University Cybersecurity Programs & Courses

WHITE PAPER. Managed File Transfer: When Data Loss Prevention Is Not Enough Moving Beyond Stopping Leaks and Protecting

PCI DSS Reporting WHITEPAPER

Data Security and Governance with Enterprise Enabler

Five keys to a more secure data environment

Protecting Your POS System from PoSeidon and Other Malware Attacks

GE Measurement & Control. Cyber Security for Industrial Controls

Guidance Regarding Skype and Other P2P VoIP Solutions

Security for NG9-1-1 SYSTEMS

How To Manage Web Content Management System (Wcm)

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

Network/Cyber Security

Course Content Summary ITN 262 Network Communication, Security and Authentication (4 Credits)

Redhawk Network Security, LLC Layton Ave., Suite One, Bend, OR

State of Texas. TEX-AN Next Generation. NNI Plan

Securing the Service Desk in the Cloud

SANS Top 20 Critical Controls for Effective Cyber Defense

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

How To Protect Your Data From Being Hacked

MEDICAL DEVICE Cybersecurity.

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

PCI PA - DSS. Point XSA Implementation Guide. Atos Worldline Banksys XENTA SA. Version 1.00

Cloud Security:Threats & Mitgations

F5 and Microsoft Exchange Security Solutions

Securing Modern Substations With an Open Standard Network Security Solution. Kevin Leech Schweitzer Engineering Laboratories, Inc.

TOP SECRETS OF CLOUD SECURITY

Getting Started with the iscan Online Data Breach Risk Intelligence Platform

William Hery Research Professor, Computer Science and Engineering NYU-Poly

Enterprise Cybersecurity: Building an Effective Defense

Medical Device Security Health Group Digital Output

GoodData Corporation Security White Paper

Cybersecurity and internal audit. August 15, 2014

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security

Infor CloudSuite. Defense-in-depth. Table of Contents. Technical Paper Plain talk about Infor CloudSuite security

INSTANT MESSAGING SECURITY

Data Security Concerns for the Electric Grid

Lifecycle Solutions & Services. Managed Industrial Cyber Security Services

PCI PA - DSS. Point ipos Implementation Guide. Version VeriFone Vx820 using the Point ipos Payment Core

External Supplier Control Requirements

Security from the Ground Up eblvd uses a hybrid-asp model designed expressly to ensure robust, secure operation.

How To Secure A Voice Over Internet Protocol (Voip) From A Cyber Attack

Extending Threat Protection and Control to Mobile Workers with Cloud-Based Security Services > White Paper

Remote Services. Managing Open Systems with Remote Services

PCI Solution for Retail: Addressing Compliance and Security Best Practices

Course: Information Security Management in e-governance. Day 1. Session 5: Securing Data and Operating systems

Voltage SecureData Web with Page-Integrated Encryption (PIE) Technology Security Review

Section 1 CREDIT UNION Member Information Security Due Diligence Questionnaire

Transcription:

AUTHORED BY: George W. Gray CTO, VP Software & Information Systems Ivenix, Inc. ADDRESSING CYBERSECURITY IN INFUSION DEVICES

INTRODUCTION Cybersecurity has become an increasing concern in the medical device arena. As medical devices become more connected, they are more vulnerable to hackers who may wish to compromise or control that device, or even use it as an entry point to more broadly attack the healthcare network. These concerns are getting increasing attention in the media, the FDA, and within the U.S. federal government. For example, in 2014, the Department of Homeland Security (DHS) began investigating 24 cases of suspected cyber security flaws in medical devices and hospital equipment. This included a review by DHS s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) of security flaws reported in existing infusion pumps and backend infusion management systems. These investigations revealed security vulnerabilities that, in some cases, allowed the devices to be reprogrammed through a cyber-attack 1. In May 2015, TrapX Security 2, a cybersecurity research firm, published a report entitled Anatomy of an Attack MEDJACK (Medical Device Hijack) 3. The study begins by stating, Medical Devices have become the key pivot point for attackers within healthcare networks. They are visible points of vulnerability in the healthcare enterprise and the hardest area to remediate even when attacker compromise is identified. These persistent cyber-attacks threaten overall hospital operations and the security of patient data. In October of 2014, the FDA issued guidance for medical device manufacturers entitled Content of Premarket Submissions for Management of Cybersecurity in Medical Devices 4. In this document the FDA states, Manufacturers should address cybersecurity during the design and development of the medical device, as this can result in more robust and efficient mitigation of patient risk. Though the FDA is focused on what key mitigations are needed to better defend against cyber-attacks, most devices have legacy architectures that are difficult to retrofit with the appropriate cybersecurity controls. To make matters worse, most medical 2

devices are difficult to update and often need to be taken out of service to perform even minor security updates. For a fleet of 500-1000 of infusion pumps, the logistics of performing regular security updates is not only expensive but can be logistically difficult as well. Cybersecurity is a moving target, and as stated by the FDA, requires that medical device manufacturers and health care facilities need to take steps to assure that appropriate safeguards are in place to reduce the risk of failure due to cybersecurity threats. This begins with the development of medical devices that can anticipate these threats and provide a multi-tiered approach to responding to them. First and foremost, medical devices need to create a wall between the core operations of the device and those components that provide network access to and from the outside world. To the extent possible, devices should be designed such that they both physically and logically isolate the operation of the device from those software components most vulnerable to cyber-attacks. Creating a level of indirection from the outside world is also valuable. Ideally, any medical device that communicates on the hospital network should utilize a built-in firewall to help block unwanted traffic and help prevent such things as denial of service attacks. The desire for more intelligence and better communications at the bedside has driven the need to leverage the capabilities of existing operating systems. However, this should not drive the design of the device s core components that may operate more efficiently and be less vulnerable to attacks, if developed to run on a separate processor without an operating system at all. Regardless of the architectural decisions made, devices, such as infusion pumps, should never allow a cyber-attacker to change the rate, dose or any other programmed setting or, in any other way, interrupt the therapy being delivered. Requiring confirmation through the device s user interface of programming changes is one way to reduce this risk. Another is to control the way in which the device exchanges information with the outside world. 3

Because threats often occur when vulnerabilities are compromised on other systems in the healthcare enterprise, it is important to try to maintain control over all direct communications with medical devices. For example, if an EMR is allowed to directly control the operation of an infusion device, that device may become vulnerable to attacks if the EMR system and the interface to the pump are compromised. Though tight integration with the EMR is a necessary feature of any infusion management solution, it should never be done in a way that could compromise the operation of the pump. Ideally, medical devices should initiate all communication and do so through a secure session with a known, authenticated client. With this approach, the session, communication protocol, and information exchange is controlled within the domain of the vendor s solution. In cases where communication to outside systems such as the EMR is required, it should be performed through a proxy, such as interface servers. In addition to providing a level of indirection, these servers can be configured to utilize specific communication ports, adhere to safer communication protocols, and leverage the latest enterprise threat management solutions. In order to leverage mainstream IT security solutions, medical devices should leverage leading edge mechanisms for establishing secure communications, ensuring data integrity, and encrypting data. For example, secure communication protocols such as TLS/SSL, which is used to secure HTTPS, could be utilized to facilitate communications between the device and its proxy server. Cryptographic hash functions, such as SHA-2, could be used to ensure the integrity of data passed to and from the device. And digital signatures could be used to ensure that content, such as a software update, is coming from a trusted source. In order to prevent the eavesdropping of messages, medical devices should avoid sending plain text over the network. In order to avoid this, encryption should be utilized at multiple levels. For Wi-Fi connected devices, secure, encrypted communication such as WPA2/ 4

AES should be employed. TLS/SSL could be used to further encrypt the transmitted data and provide strong authentication between the medical device and its proxy server. And application level encryption of user passwords and patient identifying information should also be utilized. To a certain extent, it is understandable why the medical device industry has been slow to adopt common IT mitigations against cyber-attacks. Redesigning these legacy products requires significant changes to their underlying architecture, extensive testing and resubmittals to the FDA. However, even these legacy devices must begin to address some of the more basic vulnerabilities facing the healthcare industry today. For example, hardcoded passwords are very common in medical devices, making them more vulnerable to attacks. For at least one device, this simple vulnerability was highlighted in a recent recall. It is not uncommon for hardcoded passwords to be shared amongst care providers and thus known by employees who have since left the institution. To address this, vendors must move away from hardcoded passwords and allow institutions to utilize the same strict user management policies used throughout the enterprise on the devices as well. At a minimum, vendors should provide hospitals with a way to set passwords and user permissions on medical devices and do so in a way that can be centrally managed. Ideally, these tools should integrate with existing infrastructure, such as Active Directory, allowing institutions to manage device access in the same way they manage all other access to their healthcare enterprise. Devices must be designed with the expectation that they will be attacked. In anticipation of this, vendors should provide hospitals with the ability to monitor for such conditions and to apply new security patches seamlessly when a breach is identified. In addition to detecting the attacks themselves, devices should log the occurrence of such attacks and be able to communicate this information to a central monitoring service. In order to streamline the delivery of security updates, vendors must first tailor their internal processes to be able to quickly respond to new threats. They should also build devices that are capable of downloading software updates over the network and applying those updates with minimal effort. Finally, vendors should provide solutions that enable software updates to be coordinated centrally and in a way that minimally impacts the care of patients. At Ivenix, we imagine our devices someday operating in a world where patient care extends unencumbered by the four walls of the hospital. We imagine an increasing need for remote care and monitoring, and for devices that can move seamlessly from the hospital, to lower acuity settings, and into the home. We imagine the need for devices that will continue to operate with centralized care systems regardless of their location, exchanging information, and providing users with the information that help guide clinical decisions. Because we ve imagined this world, we are designing an infusion device and management system that is cyber-secured and ready for healthcare in the 21st century. REFERENCES 1. Infusion pump and infusion management system vulnerabilities are listed on the ICS- CERT website at https://ics-cert.us-cert.gov 2. The TrapX Security website is located at http://trapx.com/ 3. This report can be found at http://deceive.trapx.com/aoamedjack_210_landing_page.html 4. FDA guidance on cybersecurity for medical devices issued October 2, 2014 Ivenix, Inc. 21 Water Street, 4th Floor Amesbury, MA 01913 1-978-792-5000, info@ivenix.com 5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information