Weitere ähnliche Inhalte Ähnlich wie Healthcare cyber powerpoint (20) Kürzlich hochgeladen (20) Healthcare cyber powerpoint1. Cybersecurity for
Medical Devices:
Three Threads Intertwined
Presented to MedSun audio
conference
Cybe rse curity o f Me dicalDe vice s
on April 12th
, 2005
by
Scott Bolte
(Scott.Bolte@ge.com)
Product Security Program Manager
GE Healthcare
3. 3 /
Scott Bolte /
2005-04-12
Copyright © 2005 by General Electric
Company
What Re ally is at Risk?
Common focus on individual medical devices is important…
but misleading.
Most medical systems can be secured simply by
disconnecting them from the network.
Unfortunately what would be lost, and what really needs to be
protected, is the secure transfer of clinical information between
medical systems.
Theright information, beforetheright people, at theright time,
improves patient treatment. Securityimprovements must not
impedethat informationflow.
5. 5 /
Scott Bolte /
2005-04-12
Copyright © 2005 by General Electric
Company
Constraints on Manufacturers
Manufacturers rarelyneed to get approval from FDA with
regards to Cybersecurity fixes. However, they always need to
validate safe & effective operation after changes, including 3rd
party patches.
No one can predict impact of 3rd party changes on clinical
operations in advance. Therefore, verifying and validating
seemingly minor changes may take significant time.
Determining impact of patch, or any other design change,
usually requires deep understanding of medical device.
Everyone would like to move faster, but there is no magic way
to avoid necessary validation.
6. 6 /
Scott Bolte /
2005-04-12
Copyright © 2005 by General Electric
Company
GE Healthcare Initiatives in a
Nutshell
Product Development Changes:
• Eliminating default but unnecessary network services to reduce the opportunities
for future attacks.
• Objective & automated vulnerability assessments at each product release.
• Formal design requirements system augmented with new security requirements.
Organizational Capabilities Changes:
• Enhancing remote service technology to improve response times.
• Optimizing validation & verification of corrective and preventive actions.
• Established incident response and threat assessment processes spanning the
globe.
Improved Communication:
• Ongoing security education & awareness training throughout GE Healthcare.
• Improved channels of communication with customers.
8. 8 /
Scott Bolte /
2005-04-12
Copyright © 2005 by General Electric
Company
Proceed with Caution
Traditional IT assumptions and procedures need to
accommodate unique medical device realities.
Generic IT security best practices, indiscriminatelyappliedto
medical devices without manufacturer coordination, can pose
patient safety risk. For example:
• automatic patching can and has broken medical devices,
• network vulnerability scans can disrupt clinical operations,
• antivirus software can disrupt time-sensitive clinical operations,
• misidentification of clinical data as a virus may interfere with clinical
care,
• authentication schemes must fail-open (let the user in) instead of fail-
closed (lock the user out).
9. 9 /
Scott Bolte /
2005-04-12
Copyright © 2005 by General Electric
Company
Long Term Perspective Required
Unlike most IT systems, medical devices life cycles can be 10,
15, 20 years or longer!
While general purpose hardware & software need to be
replaced regularly to keep up with evolving needs, medical
devices will continue to perform their focused purpose
adequately for many years.
Need to assume underlying operating systems may be used
years longer than IT managers typically expect.
10. 10 /
Scott Bolte /
2005-04-12
Copyright © 2005 by General Electric
Company
The Sky is NO T Falling
All security problems are not equal.
Threat prioritization, with a phased remediation plan, is
required.
Response to specific threats should be based on threat
assessment.
Cornerstones of threat assessment are likelihood & severity.
Some factors include:
• impact on host (severity of compromise/infection),
• immediate attack vs. potential exploit,
• manual vs. automatic propagation of malicious attack (expected
virulence),
• expected use profile of system,
• proactive external controls already in place.
Bothmanufacturers andhealthcareproviders canandshould
proactivelytakesteps toreducelikelihoodof problems.
11. 11 /
Scott Bolte /
2005-04-12
Copyright © 2005 by General Electric
Company
Ongoing Communications
Cooperation between hospital IT staff and clinical personnel is
critical since both parties have essential knowledge. It is
dangerous when they work independently.
Cooperation between healthcare providers and equipment
manufacturers is also critical; for the exact same reasons.
Treat security problems and concerns like any other problem
with a medical device. They are hazards that need to be
appropriately addressed.
Don’t reinvent the wheel or set up spe cialchannels -- use
established support mechanisms.
12. 12 /
Scott Bolte /
2005-04-12
Copyright © 2005 by General Electric
Company
Secure Network Designs
Medical devices are provided with filtered power, filtered air,
filtered water, etc. Why not filtered networks?
Defense-in-depth network designs proven and effective at
reducing risks. For example, Department of Veteran Affairs'
Me dicalDe vice Iso latio n Archite cture Guide .
Exploit predictable medical device network communications:
• restrict medical device connections to known peers (e.g. patient monitor
with central nurses station, scanner and a PACS, HIS, RIS, lab, etc.),
• prevent connections with general purpose systems (e.g. uncontrolled
laptops),
• use network intrusion detection systems (NIDS) to detect unexpected
patterns, but be cautious triggering automatic responses.
Healthcareproviders restrictingmedical devicecommunications
todefinedpeers is non-invasiveyet canbeincrediblyeffective.
14. 14 /
Scott Bolte /
2005-04-12
Copyright © 2005 by General Electric
Company
We Must Work Together
Interoperability is essential as with DICOM, HL7, and other
clinical standards.
Manufacturers must continue to work together and with
healthcare providers on security standards, otherwise clinical
interoperability may be undermined.
Industry forums should be used to develop and/or publicize
standards & best practices. (See NEMA, HIMSS, etc. pages in
Additio nalInfo rm atio n appendix.)
15. 15 /
Scott Bolte /
2005-04-12
Copyright © 2005 by General Electric
Company
MDS2
: A Pattern for Things to Come?
Looming April 2005 HIPAA security regulations were driving a
lot of churn for manufacturers and healthcare providers
throughout 2004.
The HIMSS Medical Device Security Workgroup recognized
the opportunity to simplify through standardization and rose to
the challenge.
The Manufacture r's Disclo sure State m e nt fo r Me dicalDe vice
Se curity (MDS2
) was developed in just a couple of months last
fall is already a de facto industry standard.
MDS2
is a model of how collective wisdom can streamlining
effective communication between all parties.
More information on the MDS2
may be found in the Additio nalInfo rm atio n appendix.
16. 16 /
Scott Bolte /
2005-04-12
Copyright © 2005 by General Electric
Company
Conclusion
Everyone has things they can do on their own to manage risk,
both immediately and long term.
Industry forums should be used to share knowledge and
develop common solutions.
GE Healthcare will continue to work with our customers and
our peers to develop better products, standards, and practices
for the industry.
Medical device cybersecurity risks can be managed without
interfering with patient care… if we work together.
18. 18 /
Scott Bolte /
2005-04-12
Copyright © 2005 by General Electric
Company
GE Healthcare
The ever growing security portal
http://www.gehealthcare.com/usen/security/index.html
includes:
• Manufacture r’s Disclo sure State m e nt
fo r Me dicalDe vice Se curity (MDS2
)
for GE Healthcare products
• FAQs
• Product vulnerability information
19. 19 /
Scott Bolte /
2005-04-12
Copyright © 2005 by General Electric
Company
NEMA Security & Privacy Committee
SPC’s material at http://nema.org/prod/med/security/
includes:
• Bre ak-Glass – An Appro ach to
Granting Em e rg e ncy Acce ss to
He althcare Syste m s
• Patching O ff-the -She lf So ftware
Use d in Me dicalInfo rm atio n
Syste m s
• De fe nding Me dicalInfo rm atio n
Syste m s Ag ainst Malicio us
So ftware
20. 20 /
Scott Bolte /
2005-04-12
Copyright © 2005 by General Electric
Company
HIMSS Medical Device Security WG
HIMSS work group’s material at
http://www.himss.org/ASP/topics_medicalDevice.asp
includes:
• original Manufacture r’s
Disclo sure State m e nt fo r Me dical
De vice Se curity (MDS2
),
• Department of Veterans Affairs’
Me dicalDe vice Iso latio n
Archite cture Guide ,
• links to current issues, trends
and tools,
• contact information to join
workgroup.
21. 21 /
Scott Bolte /
2005-04-12
Copyright © 2005 by General Electric
Company
Original MDS2
a Huge Step Forward
In the style of DICOM conformance statements and IHE
integrations profiles the MDS2
has:
• standard set of questions and
instructions,
• objective yes/no type questions
required with optional notes,
• all users benefit from knowledge
of MDS2 authors,
• standard format eases
manufacturer burden,
• standard, objective format
eases burden on device users.
22. 22 /
Scott Bolte /
2005-04-12
Copyright © 2005 by General Electric
Company
Enhanced MDS2
as New Model?
Sponsor
Manufacturer
User
Three organizations work together to efficiently share
information.
• Sponsorfirst identifies widespread need and then creates standard
profile with fixed questions & instructions (e.g. HIMSS creating MDS2
).
• Manufacturer, in turn,
adds answers and notes
to device profile for each
of their product lines.
• Users optionally augment
manufacturer’s documents
with site specific notes and
instructions to guide
installation and operation
of medical device.
23. 23 /
Scott Bolte /
2005-04-12
Copyright © 2005 by General Electric
Company
Device Profiles in the Future?
https://sourceforge.net/projects/device-profile/ is a brand new
effort to automate
communication such
as the MDS2
• Sponsors (e.g. HIMSS) create
standard questions.
• Manufacturers document
each product.
• Users augment manufacturer
information with local
guidance.