Wireless Security Implantable Devices and the Enterprise

Integra Systems, Inc. recently viewed the episode of of Homeland where it shows the apparent host hacking into a pacemaker. This week I read an article in a IT magazine that was a reference to this where apparently several authors talk about how implantable medical device security could be exploited. Also this article in general touts that networked medical devices wired and wireless are very vulnerable.

Implantable medical device companies as well as medical device companies look at the following: Safety and reliability has everything to do with system engineering, design controls, hazards analysis, requirements & traceability, and overall quality system controls. Security and privacy requires similar quality system controls, but different mitigations than safety and reliability.

As one who has been in the cardiac pacing industry, what was shown on Homeland is science fiction. First for a pacemaker to actually have it's parameters to be changed, it has to be interrogated. This requires a specific proprietary programmer only to that company, be used with only that device and/or specific models. These programmers are controlled devices and requires multiple levels of security inherent in use. It then requires a programming head to be put on the patient's chest that activates a reed switch which places the pacemaker in an specific mode so that the parameters can be read. A magnet in the programming head activates this switch. Then and only then on the programmer can you make changes, and then these changes can be inputted into the device. The programming head must in place over the patient's chest for this to occur. In terms of monitoring the pacemaker while implanted, this only unidirectional, not duplex communications. There are all kinds of safety mechanisms and interlocks in place and our previous Vice President, Dick Cheney has had a pacemaker in place for years. You can imagine the level of scrutiny regarding his care. There are ten's of thousands of pacemakers and ICD(s), (implantable cardiac defibrillators) that have been implanted over the years and there has "never" been in instance of a pacemaker being hacked into that was implanted in a patient.

All enterprise grade embedded wireless 802.11a/b/g/n has to subscribe to WPA2. (See attached). Cisco Systems, Aruba Networks, Motorola, etc., all have as a part of their enterprise solutions sophisticated WLAN IDS (Intrusion Detection Systems). So for any person to tamper with or get into the embedded OS of a medical device, then would have to get around all the enterprise grade security in place.As I tell folks pretty much all the financial transactions of NASDAQ and NYSE amounting to million of $$ each day goes through a secure and bullet proof wireless network. I would suspect if someone wanted to hack into this network..well it may be a little more higher on the radar screen. As a side, Integra Systems, Inc., had to finish a WLAN design on highly secure government facility. We had to demonstrate that security on multiple levels was in place.

Download 20120229_State_of_Wi-Fi_Security_09May2012_updated_cert

Download Wireless_Intrusion_Protection_SoftwareDownload AirDefense_Intrusion_Prevention_Solutions

Standards Based Low Power Wireless for Medical Devices

Download Wl1273-tiwi5
href="http://davidhoglund.typepad.com/files/slyb171a-1.pdf">Download Slyb171aclass="asset asset-generic at-xid-6a00e5520cc21688340191026a758c970c">Download Slyb171a
Download Wl1273-tiwi5
The author worked with www.welchallyn.com in 1999 and 2000 when they were the first company in the patient monitoring industry to introduce 802.11FH for enterprise patient monitoring, (now 802.11a for next gen.). Then came Siemens (now Draeger)www.draeger.com and pretty much all the infusion device companies followed after that. Oh, let me not forget Sotera Wireless, www.soterawireless.com

However it seems that the market leader in patient monitoring still clings to to idea of a non-shared enterprise network and "proprietary legacy wireless technologies". I guess let others inovate; then follow because they can.

While I agree that traditional embedded 802.11a/b/g/n can be somewhat power hungry, this is has pretty much fallen by the wayside with Low Power class="zem_slink" title="Bluetooth" href="http://www.bluetooth.org/" rel="homepage" target="_blank">Bluetooth and (ELP), Enhanced Low Power WIFI from TI. (see attached module). This is TI's 6th generation WIFI module, and 7th generation Bluetooth module. They have been architected for co-existence on a single chip set. Looks like this would be ideal for a "patient worn device"...such as medical telemetry...or also what they say "patient worn monitor".

I feel that the days of using "custom" radios for medical devices and the WMTS era is fading into the sunset just like the Black and White TV(s) and vacumn tubes of the 1960's. Think I would leverage a 18 Billion$ company like Texas Instruments for my embedded WLAN chipset R&D development instead.

Corning ONE Wireless Platform

I have been saying this for years that a typical "co-axial" based DAS (Distributed Antenna System) is not future proof. Those folks that bought into the notion that this infrastructure could support all flavors of 802.11 have had to contend with "rip and replace"...not once but several times! It seems that Corning (they make fiber...as well as Gorilla Glass!) has introduced an all optical infrastruture. Being Corning makes fiber optic cabling....this makes sense. Some of the benefits include:

All-Fiber Platform - Provides unlimited bandwidth, faster deployment and less labor
due to pre-connectorized solution.

1:1 Optical Connectivity - Seamless fiber media to the antenna

Built-in SISO/MIMO Antenna - Minimized footprint

Gigabit Ethernet Support - Unifies WiFi and cellular over single media and backhaul
of Ethernet backhaul and PoE

Support for all RF Sources - Femto-listening mode provides small-cell enablement for
smaller venues.

Configurable Sectorization - Capacity steering maxmimizes operator resources. A
single headend supports up to three sectors/layers.

A New Patient Monitoring Model for Telemedicine

Integra Systems, Inc., somewhat saw this trend happening. It is when the actual application becomes commoditized (Patient Monitoring) as well as outside influencers changing the game. We in discussions with a entity to help them commercialize a solution in this space. So what are the game changers.?
1. The I-Phone/Android smart phone. This now provides the display and gateway. No longer do you have to create a custom display and communications box.
2. 3G/4G costs going way down and well as a global use model.
3. Low Power Bluetooth of which drives current drain down, thus increasing battery life as well as taking the pairing issue off the table.
4. Processors that are miniaturized and very low power.
5. Costs for design are driven way down, so the actual product costs go way down, thus universal acceptance.

Overall these factors will turn the traditional holter, event monitoring, and even real time remote telemedicine marketplace on it's head.

Stayed tuned to future blogs in this area.

SOLiD Provides Cellular and Public Safety Coverage for the entire NYC Mass Transit Authority Subways

http://solid.com/blog/?p=1582

I have been saying this since 2008 that SOLiD is the game changer in the DAS (Distributed Antenna Systems) marketplace.

Their forward thinking technology and total focus has made major deployments like this a reality.

IXIA and Integra White Paper Healthcare - What is the Right Enterprise Design Model?

This is the first ever white paper that Integra Systems, Inc. has worked on with www.ixiacom.com that is dedicated to the healthcare vertical. We see a major opportunity from the output of this white paper to improve not only networked risk management; but overall the enterprise wired and wireless quality of medical device care.

http://info.ixiacom.com/2013Q2HoglundMedicalWiFiWP_DavidHoglundWPDownload.html

Are Your Mobile Medical Devices “Hospital Grade”?

Integra Systems and Ixia, the leading provider of Wi-Fi test solutions, have just completed the first healthcare white paper focused on the growing need to validate and verify the performance of wireless medical devices and healthcare networks. We see the need for proper validation as a critical paradigm change in the medical device and healthcare provider marketplace. The new model of testing and validating the performance described in this paper can decrease costs, mitigate serious risk to providers’ brand reputation, and vastly improve the overall quality of the wireless experience.

Download the new white paper now and please don’t hesitate to contact us if you would like to receive additional information on assessing Wi-Fi-enabled devices or healthcare network ecosystems.

http://info.ixiacom.com/2013Q2HoglundMedicalWiFiWP_DavidHoglundWPDownload.html

Integra Systems, Inc.
www.integrasystems.org
David H. Hoglund
Principal and Founder
integratech@earthlink.net
714.264.7101

IXIA, Inc.
www.ixiacom.com
Sean Baioni
WLAN Business Development Manager
sbaioni@ixiacom.com
503.816.7245

mHealth and Wireless Medical Technology - Integra Systems, Inc Panel Discussion

Advancing the optimization of healthcare through the applied use of of communication technologies.

Government officials, senior in-hours counsel, healthcare executives and attorneys will share their experiences and impart sophisticated solutions for:

- Working with regulators to identify and meet compliance needs of your product.
- Understanding the evolving range of spectrum utilization and how to position your company to take advantage of new developments and interference.
- Ascertaining the opportunities and physicians liability implications of BYOD.
- Evaluating the value of your mHealth proposition and growing your product to create a sustained revenue stream.
- Interpreting and predicting FDA treatment of mobile health applications.
- Satisfying HIPPA requirements without sacrificing innovative uses of patient information.

Integra Systems, Inc. will be presenting a co panel discussion on Tuesday April 30, 2013 at 1:30PM at the Washington Plaza Hotel - Washington D.C.
"Safeguarding Your Data While Minimizing the Risk of Security Breaches."

Other co panel participants include: Dennis M. Seymour, CISSP, ITIL Chief Security Architect Ellumen, Inc., Arlington, VA, and Lee Kim, Attorney Chair of mHIMSS Legal/Policy Taskforce, Tucker Arensberg, P.C. (Pittsburgh, PA).

http://www.AmericanConference.com/mHealth

Cryptographic Accounting Module (CAM) Personal Medical Device Security

Over the past two years Integra Systems, Inc. has worked with www.pb.com to enable this unique and forward thinking security application model within the medical device space. It has since gained a lot of traction and a specific entity has been developed to target this space. See the attached description.

Download Seclingua_cryptographic_accounting_module

Cloud Computing and Healthcare

"The State of the Cloud," recently conducted by CDW shows a 5 percent jump in cloud utilization by healthcare organizations in just one year. In 2011, 30 percent of healthcare respondents said they were using cloud-based programs and the number jumped to 35 percent in 2012. Respondents included CIOs, CTOs and other IT professionals at hospitals and medical centers (74 percent), physician offices (14 percent) and long term facilities (12 percent). In citing reasons for cloud migration, 67 percent of responders said personal use of of the cloud influenced their recommendation to their respective organizations about cloud adoption and 47 percent said employee's use of cloud applications and mobile devices is making their organizations move faster to the cloud.

Note the trend of cloud utilization is because of "mobile devices". Wireless whether LTE or 802.11 will be like water and electricity in the healthcare institution. Expected to be there and expected to work to enable these mobile devices.