This is an educational model to provide insight into what is going on with all aspects of wireless connectivity and mobility across healthcare and the enterprise space. The goal of this content is to provide technology information, awareness, and direction to help transform the enterprise in 2020 through all aspects of wireless connectivity, mobility, and cybersecurity.
Please find the latest ULP Winter 2017 Quarterly from www.nordicsemi.com.
Integra Systems, Inc., has worked with Nordic for many years on unique product development efforts for the medical device space using both ANT (www.thisisant.com) and BTLE, as well as WLAN. This, however, is the first issue of ULP Quarterly that “really highlights” the huge, growing BTLE medical device market space.
While Bluetooth has been around for a long time, the advent of the “smart-phone” with BTLE and the Bluetooth SIG driving improvements up to the release of 5.0 mean that connectivity convergence has now arrived for healthcare and medicine big time in 2017. The momentum will continue in 2018. Consumers are also demanding connectivity, from glucose meters to in-ear wireless temperature measurements for babies. The smart phone, the application, and the "connected" device bring it all together. (Page 3)
Some interesting highlights set the tone for continued medical device product development for BTLE: “The FDA has approved the first drug in the United States with a digital ingestion tracking system.” The patch sends data, i.e. dosage and when the pill was taken, via Bluetooth Low Energy to a smart phone application, allowing patients and caregivers to track the ingestion of medication. (Page 11)
Everybody is concerned today about security. By the nature of BTLE and FHSS, BTLE is considered a secure protocol. While security has greatly increased through the improvements in BTLE up to 5.0, design and development efforts may want to consider the addition of an ARM TrustZone CryptoCell-310 cryptographic module and an AES 128-bit hardware accelerator. These can provide support for a wide range of asymmetric, symmetric, and hashing cryptographic services for secure applications. BTLE 4.2 introduced an asymmetric encryption scheme called “secure connections”. This revision of the BTLE specification included an algorithm that generates a private key using an elliptic curve key exchange method, making it almost impossible to intercept.
Just as with Wi-Fi, “man in the middle” attacks can pose a security risk to BTLE. OOB commissioning was introduced as a part of Bluetooth 4.0. This moved authentication away from the usual Bluetooth LE channels to an “out-of-band” channel which remains unknown to the prospective hacker. It seems that NFC (Near Field Communications) offers the best balance of security and user friendliness for the implementation of the OOB channel.
NFC devices exchange information in the 13.56 MHz ISM band at rates ranging from 106 to 424 kbps. Bidirectional interaction is established by bringing the devices within 4 to 10 cm of each other. The NFC link can be used as the OOB channel to start the pairing process and look after authentication. Once this handshake commissioning process is completed, communication switches to the secure Bluetooth LE link.
The value of NFC for the OOB channel is the very short distance, which would make a man-in-the-middle intercept very difficult without the hacker revealing their intent. Finally, OOB commissioning also stops unwanted devices from establishing a connection without the user’s permission. From a user’s standpoint, there is no need to enter or verify a passcode.
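As an added illustration (not code from Nordic, the Bluetooth SIG or the original article), the Python sketch below pairs a phone and a sensor with an elliptic curve key exchange and shows why a commitment carried over the NFC out-of-band channel lets each side reject a public key that was substituted on the Bluetooth LE channel. The device names, the helper functions and the use of HMAC-SHA256 in place of the specification's AES-CMAC confirm function are assumptions made for the example.

```python
import hashlib, hmac, secrets
# NIST P-256 parameters (the curve LE Secure Connections uses).
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

def add(p1, p2):  # affine point addition on y^2 = x^3 - 3x + b; None is infinity
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 - 3) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def mul(k, pt):  # double-and-add scalar multiplication (not constant time)
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def commit(pk, r):
    """Commitment to a public key; HMAC-SHA256 stands in for AES-CMAC (assumption)."""
    return hmac.new(r, b"".join(c.to_bytes(32, "big") for c in pk), hashlib.sha256).digest()

class Device:
    def __init__(self):
        self.sk = secrets.randbelow(N - 1) + 1   # private scalar
        self.pk = mul(self.sk, G)                # public key, sent over BLE
        self.r = secrets.token_bytes(16)         # random value, sent over NFC only

    def oob_data(self):
        """Sent over NFC: the random value and a commitment to our public key."""
        return self.r, commit(self.pk, self.r)

    def pair(self, pk_from_ble, peer_oob=None):
        """Derive the link key, or return None if the key fails the OOB check."""
        if peer_oob is not None:
            r, c = peer_oob
            if not hmac.compare_digest(c, commit(pk_from_ble, r)):
                return None
        shared_x = mul(self.sk, pk_from_ble)[0]
        return hashlib.sha256(shared_x.to_bytes(32, "big")).digest()

def pairing(use_oob, key_swapped):
    """Pair phone and sensor; optionally a third party swaps the keys seen on BLE."""
    phone, sensor, other = Device(), Device(), Device()
    pk_p, pk_s = (other.pk, other.pk) if key_swapped else (sensor.pk, phone.pk)
    k_phone = phone.pair(pk_p, sensor.oob_data() if use_oob else None)
    k_sensor = sensor.pair(pk_s, phone.oob_data() if use_oob else None)
    return k_phone, k_sensor, other.pair(phone.pk)
```

With the commitment checked, both devices return None for a swapped key instead of silently deriving a link key shared with the third party; the protection rests on the NFC exchange itself not being observable or alterable at a distance.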
Cybersecurity, healthcare and medical devices... and “hacking”. This is an overused word perhaps today, somewhat like the trendy word “awesome”. A tremendous amount has been written about this, but some of the most basic points perhaps need to be reinforced. (See the link to the educational seminar that Integra Systems, Inc. provided for General Electric Healthcare last year.)
http://www3.gehealthcare.com/en/education/clinical_education/cybersecurity_essentials_for_healthcare
After being involved with highly secure environments for many years, my view is that security is about providing layers and layers of security and using common sense. Part of our challenge today is the mobile world we live in, the increasingly connected IOT environment... and a somewhat lazy security understanding and response. All these now-connected mobile devices and the IOT world could provide unique “back doors” of entry. For example, one major retailer was compromised when the somewhat insecure HVAC network-connected enterprise allowed a “back door” to the corporate environment. Once the intruders got in, they were able to learn the social behaviors of the company, figure out the administration passwords, then strike at the appropriate time at the POS (point of sale) terminals, then vanish.
Pretty much all the medical device vendors have gone down the route of implementing WLAN and connecting to the enterprise network. A whole lot of business reasons support this, from the smart infusion pump to WMTS becoming legacy for patient monitoring. It saves a lot of costs and drives down risk. The bottom line: if correctly architected, WLAN for any medical device is secure and can provide the right quality of service for the intended application. However, it does not stop just there. The WLAN enterprise network providers are constantly doing things to improve security, almost on a month-to-month basis. The WLAN medical device companies should look at these changes as major league positive, but they should also continue to test, validate and verify their FDA approved WLAN medical device against these new changes, as well as against the ongoing changes approved for the IEEE 802.11 specification.
If we go back to the area of “hacking”, this is an area where you now need to think about the basics. For example, how complex and different are your passwords for each application, how often do you change them, do you use biometric or two step authentication? Do you log in and out with time outs?
Do you take time to slow down to look at perhaps phishing emails, and have the appropriate network appliances to filter these out? What layered enterprise security strategy do you have in place? These are some of what I consider the foremost companies in the security space to take a look at.
www.ixiacom.com
www.trapx.com
www.fireeye.com
www.extremenetworks.com
As an aside, I never rely upon my network carrier in my home for security; I create my own internal secure layered enterprise network.
Postmarket Management of Cybersecurity in Medical Devices
Guidance for Industry and Food and Drug Administration Staff
Document issued on December 28, 2016.
The draft of this document was issued on January 22, 2016.
Over the past sixteen years, with the approval of 802.11b, virtually every mobile medical device (infusion pumps and patient monitors, among other devices) has been “in a wireless fashion connected”. That does not include other devices such as C-arms or other fixed medical equipment that might be connected to a network port by Ethernet.
The changes in the wireless enterprise from a security standpoint are evolving at a rapid rate and need to be taken into account during both the design and the entire product life cycle of the medical device. Security encompasses the entire ecosystem from wireless and wired medical devices, as well as during hardware and software updates. It is an on-going management and testing process.
Attachment One: Postmarket Management of Cybersecurity in Medical Devices
Guidance for Industry and Food and Drug Administration Staff
Document issued on December 28, 2016.
The draft of this document was issued on January 22, 2016.
Attachment Two: the Health Care Cyber Breach Report for 2016 (December 2016), by TrapX Labs, a division of TrapX Security, Inc.
Attachment Three:
Learn Cybersecurity the Healthcare Way
http://www3.gehealthcare.com/en/education/clinical_education/cybersecurity_essentials_for_healthcare
Your cybersecurity challenges are unique to healthcare.
A week ago plus, I attended the workshop on the FDA White Oak Campus, Silver Spring, MD (January 20-21, 2016): “Moving Forward: Collaborative Approaches to Medical Device Cybersecurity”. This was sponsored by the FDA Center for Devices & Radiological Health (CDRH), National Information Sharing Analysis Center (NH-ISAC), the Department of Health and Human Services (HHS) and the Department of Homeland Security (DHS). www.fda.gov/medicalcountermeasures. The PDF of the two sessions can be found on the web site.
A jam packed agenda of meetings and discussions over two days and the content covered a wide range of very interesting topics. Cybersecurity overall is a hot topic and very relevant to us today from not only financial security, but network security.
A lot of buzz centered on the issues regarding a manufacturer’s infusion pump as well as software patches (will shed some light on this).
Over fifteen years ago I was asked by a medical device company to conduct a research study to network connect a medical device on a wireless basis. They asked me if I could actually make their non-networked medical device wireless. (In this case it was an infusion pump.) Mind you, that was in 2001. I had a client bridge from the company that I worked for (out of my black bag), traditionally used for POS (point of sale), that on one end had an RS-232 connection but also in the bridge was an RS-232 Ethernet to 802.11b interface. I connected, on the other end of the network connection, a WLAN PCMCIA card to a laptop and then had a WLAN AP in between. After a couple of minutes I was able to control the infusion pump from the laptop (on/off, change settings, etc.) with a custom program running on the laptop. I felt at the time we were way ahead of the game, because infusion pumps did not even have WLAN adapters built in! I found this to be an interesting R&D experiment.
The important thing to note today is that pretty much all infusion pumps have a networked interface, in this case 802.11a/g/n, for the purposes of downloading drug libraries and then uploading log files. These pumps are all connected to the “enterprise network”, which will employ the most up-to-date security best practices.
For example, on the security side of things, the Cisco “best security practices” which enterprises now deploy include:
• The best practice is to disable or avoid using local EAP.
• Although the WLAN controller and access points do support a WLAN with an SSID using WiFi Protected Access (WPA) and WPA2 simultaneously, it is very common that some wireless client drivers cannot handle complex SSID settings. Whenever possible, Cisco recommends WPA2 only with Advanced Encryption Standard (AES). However, due to standards and the mandatory WiFi Alliance certification process, TKIP support is required across future software versions.
• Keep the security policies simple for any SSID, such as a separate WLAN/SSID with WPA and Temporal Key Integrity Protocol (TKIP), and a separate one with WPA2 and Advanced Encryption Standard (AES). Since TKIP is being deprecated, Cisco recommends to use TKIP together with WEP, or migrate out of TKIP completely and use PEAP if possible.
• If designing for identity-based networking services, where the wireless clients should be separated into several sub-networks for security reasons, such as each one having different security policies, use one or two WLANs together with the AAA-Override feature. The AAA-Override feature allows you to assign per-user settings. For example, move the user to a specific dynamic interface in a separate VLAN, or apply a per-user Access Control List (ACL).
• For 802.1x, it is recommended to have the lowest RADIUS timeout possible configured for a big or busy network, since the longer the timeout is defined, the longer a frame re-transmission is held in the queue for RADIUS. Depending on the capacity of the network, and how busy the queue may be, a longer timeout may increase the retransmission failure rate. It may also take longer to discover that a RADIUS server is down with a longer timeout. For most network deployments with a high authentication count, a smaller timeout is better to improve capacity handling in the controller. Smaller timeouts can also make the WLC recover faster from an unresponsive RADIUS server. However, for RADIUS NAC (ISE) and RADIUS over a slow WAN, it is recommended to have a longer timeout (5 seconds).
The Cisco Unified Intrusion Detection System (IDS)/Intrusion Prevention System (IPS) is part of the Cisco Self-Defending Network and is the first integrated wired and wireless security solution in the industry. The Cisco Unified IDS/IPS takes a comprehensive approach to security: at the wireless edge, wired edge, WAN edge, and through the data center. When an associated client sends malicious traffic through the Cisco Unified Wireless Network, a Cisco wired IDS device detects the attack and sends shun requests to Cisco Wireless LAN Controllers (WLCs), which then disassociate the client device.
The Cisco IPS is an inline, network-based solution, designed to accurately identify, classify, and stop malicious traffic, including worms, spyware / adware, network viruses, and application abuse, before they affect business continuity.
With the utilization of Cisco IPS Sensor software version 5, the Cisco IPS solution combines inline prevention services with innovative technologies to improve accuracy. The result is total confidence in the provided protection of your IPS solution, without the fear of legitimate traffic being dropped. The Cisco IPS solution also offers comprehensive protection of your network through its unique ability to collaborate with other network security resources and provides a proactive approach to the protection of your network.
The Cisco IPS solution helps users stop more threats with greater confidence through the use of these features:
• Accurate inline prevention technologies—Provides unparalleled confidence to take preventive action against a broader range of threats without the risk of dropping legitimate traffic. These unique technologies offer intelligent, automated, contextual analysis of your data and help ensure that you receive the most out of your intrusion prevention solution.
• Multi-vector threat identification—Protects your network from policy violations, vulnerability exploitations, and anomalous activity through detailed inspection of traffic in Layers 2 through 7.
• Unique network collaboration—Enhances scalability and resiliency through network collaboration, including efficient traffic capture techniques, load-balancing capabilities, and visibility into encrypted traffic.
• Comprehensive deployment solutions—Provides solutions for all environments, from small and medium-sized businesses (SMBs) and branch office locations to large enterprise and service provider installations.
• Powerful management, event correlation, and support services—Enables a complete solution, including configuration, management, data correlation, and advanced support services. In particular the Cisco Security Monitoring, Analysis, and Response System (MARS) identifies, isolates, and recommends precision removal of offending elements, for a network wide intrusion prevention solution. And the Cisco Incident Control System prevents new worm and virus outbreaks by enabling the network to rapidly adapt and provide a distributed response.
It is also recommended going forward that any such medical device have some form of auto log-on and log-off biometric authentication (which obviates the requirement for passwords).
The majority of legacy and even current WLAN networked medical devices do have available RS-232 ports for biomedical service maintenance.
While yes, someone could realistically bring a laptop into a patient room and connect to the individual medical device, that more than likely would be very difficult, since the device is more than likely already connected to the network in general with the proper authentication and IDS. Proper facilities security should prevent any unauthorized person from being in the patient care area in the first place. Lastly, RS-232 ports could simply be disabled from use.
In 2015 healthcare witnessed some of, if not the, largest security exploits in history.
99 million healthcare records were thought to be compromised through around 93 different attacks. Overall, the industry costs for security breaches exceeded, it seems, $6 billion. Moving forward in 2016, a lot of process change needs to happen.
This extends not only to best practices of network and enterprise security, but also to common sense knowledge of how to mitigate social engineering and back door attacks.
Enabling multi-factor biometrics for secure and authorized authentication enables best practice to displace the legacy password model.
Even if you had the common access card with the magnetic strip or embedded chip today, how do you know that this is the person with authorized access?
The question for healthcare organizations moving forward is as follows: Will your cybersecurity strategy be able to thwart dedicated and evolving threats from the edge, through the wireless space, to the back end?
Protecting your medical device, the enterprise network and confidential data has really never been easy….but due to all the cyber security attacks….it is only getting harder.
Network defenses are constantly under attack from cyber criminals, hacktivists, and other disgruntled entities. DDoS attacks, malware, botnets, and other threats are becoming more complex and better orchestrated.
Customers hold their providers responsible for not protecting their information. Even a small vulnerability in your network or data center infrastructure can lead to major financial damage and loss of customer loyalty.
You need to design networks that achieve the greatest possible security resilience—the ability to resist attacks and bounce back when one occurs.
This includes:
• Evaluating the performance of new technologies like next-gen firewalls, IPS systems, DDoS mitigation, and the like against the realities of your own network and threat profile
• Validating your overall defenses and processes before deploying and over time
• Addressing new vulnerabilities introduced by virtualization and other major initiatives
It is what you do not know….. that can hurt.
Integra Systems, Inc., and its partners can provide FDA QSR Cybersecurity Audits.
These audits can provide guidance and insight needed to meet FDA compliance requirements. They will provide the following:
• An evaluation of the classification of medical devices to identify the appropriate regulations.
• Identify predicate devices that are similar and already have an FDA 510(k) clearance. Then the new device will be evaluated to understand if the security aspects or use model could be based upon the predicate.
• Review in-house FDA compliance, guidance, standards, testing, and other specific requirements needed to claim substantial equivalence to predicate devices.
• Analyze risk mitigation and processes in place.
• Build and maintain a compliance program that satisfies current requirements.
• Provide internal change process management when standards change.
Integra Systems, Inc. additionally has conducted testing for many medical device companies to include quality of service, security, and RF mitigation to include co-existence testing. We have authored cybersecurity guidance documentation for regulatory submittal for several medical device companies.
See attached the most recent FDA guidance documentation.