Cybersecurity Risks for Networked Medical Devices in Hospitals

September 24, 2015, 1:00 am

Recently the Federal Bureau of Investigation (FBI) issued a warning about cybersecurity risks from networked medical devices and wearable sensors. According to an article by Health Data Management, Internet of Things (IoT) devices at risk include a wide range of consumer devices from lighting modules, smart appliances, thermostats, and fitness devices. Medical devices at risk include wireless heart monitors, insulin dispensers, and infusion pumps, which need secure environments in order to prevent hackers from accessing sensitive medical data.

Wireless medical devices have been proven to improve patient care. For instance, a recent article in Marketplace Healthcare cited a study by Vanderbilt University Medical Center which found that CareFusion's smart infusion pumps helped prevent errors with the blood-clot drug heparin. According to the article, "Increased safety is one resaon the market for smart pumps is expected to grow to $3.6 billion by 2017." Internet connected devices are also being used to increase efficiency and convenience. While efficiency and patient care are improved upon, devices connected to the internet that are not sufficiently secure have an increased risk for malicious security threats. Much like standard computers, IoT devices are subject to security risks for users. The FBI has expressed concern for companies and the overall public to pay attention to IoT security risks that are being created by cyber-criminals. Garry McCracken, vice president of technology for security vendor WinMagic, stated that the FBI warning was "very significant" and expressed how IoT threats have been approaching users when they least expect it through deployment of devices.

Healthcare facilities must keep pace with growing technologies in order to provide the best patient care possible. Healthcare providers that leverage wireless medical devices provide increased patient safety, data accuracy, efficiency, and mobility, resulting in overall improved patient care. Typically, most hospitals have Wi-Fi, but implementing wireless medical devices has been a slow process due to a lack of understanding of Wi-Fi. While security and patient safety should always be top of mind, the more educated hospitals become about Wi-Fi, the more they will understand that the risks associated with wireless medical devices can be significantly reduced when the best solution is chosen and the appropriate steps to implement the technology are taken. For instance, strong, mutual authentication between every authorized client device and a trusted hospital network ensure that only trusted Wi-Fi clients can gain network access and are not tricked into connecting to an untrustworthy network. The Enterprise version of Wi-Fi Protected Access or WPA2- Enterprise provides sufficient authentication and encryption and addresses the main security threats against Wi-Fi networks such as network exposure, data exposure, and man-in-the-middle attacks. Not all wireless medical devices have the same capabilities, so it is crucial to choose devices that are embedded with certified Wi-Fi modules that can provide WPA2-Enterprise security, go through the roaming process quickly and seamlessly, are thoroughly tested, and come with excellent support services. If the appropriate steps are taken when selecting and integrating wireless medical devices, hospitals can then take advantage of the secure wireless connectivity that Wi-Fi provides.

Click here for information on how Laird can help you with your wireless medical devices.

For more technical information on engineering the wireless hospital check out these blog posts:
Testing Wi-Fi Functionality in Medical Devices
Mobility and Connectivity
Security
RF Issues
Client Device Requirements