WIBU-SYSTEMS

Perfection in Protection, Licensing, and Security

{{ moduleLabel }}
{{ label }}

Cybersecurity for Medical Device Endpoints

MarketingWIBU-SYSTEMS AG on January 25, 2018 at 4:28 PM

With the recent, highly publicized incidents of identity theft, ransomware and malware attacks directed at healthcare facilities, the medical device community is on high security alert. Cybersecurity exploits have resulted in the theft of patient data, intrusions to hospital IT networks, and malicious manipulation of medical devices and systems connected to these networks. The consequences of these attacks are potentially catastrophic: personal identity theft, disruption of critical hospital services, and an overall threat to patient privacy, care and safety. No one in the medical device community would argue that there is an urgent need to secure medical systems, devices and data.

Government organizations, like the FDA and National Institute for Standards and Technology (NIST), are now giving more attention to cybersecurity in the medical area as well.

The US FDA recently published recommendations for both manufacturers and regulators to address medical device cybersecurity. The document, Postmarket Management of Cybersecurity in Medical Devices: Guidance for Industry and Food and Drug Administration Staff, encourages manufacturers to address cybersecurity throughout the product lifecycle, including during the design, development, production, distribution, deployment and maintenance of the device.

Updated guidelines from NIST include specific updates regarding cybersecurity metrics and considerations about supply chain risk management and common terminology used to communicate with outside partners and vendors.

Industry organizations, including the Industrial Internet Consortium (IIC), are involved as well. Earlier in 2016, the IIC released its Industrial Internet Security Framework (IISF) document that identified endpoint vulnerabilities, many of which are prevalent in medical network environments, and ways to protect against them.

Security Considerations for Medical Device Endpoints
An endpoint device includes any computer-based device or system that is Internet-enabled and connected to an IP network. In the medical area, endpoints can be surgery robots, X-ray machines, MRI scanners, dental devices, infusion pumps, patient monitors or any other medical equipment with a computer chip and connection to the Internet. Security experts consider endpoints to be most vulnerable to hackers, particularly in the healthcare environment. Securing medical device endpoints involves many aspects:

  • physical security to prevent uncontrolled changes to or the removal of the endpoint
  • root of trust to provide confidence on the endpoint identity
  • integrity protection to ensure that the endpoint is in the configuration that enables it to perform its functions predictably
  • access control to ensure that proper identification, authentication and authorization protocols are performed
  • secure configuration and management to control updates of security policies and settings
  • monitoring and analysis for integrity checking, detecting malicious usage patterns or denial of service activities, and enforcing security policies and analytics
  • data protection to control data integrity, confidentiality and availability
  • security model and policy for governing the implementation of security functions

Integrity Protection
The term “Integrity Protection” encompasses security measures, namely protection of system resources, programs and data against unauthorized manipulation, or at least identification and display of such modifications. The challenge consists in guaranteeing data integrity, and, if not possible, bringing the system to a safe mode and stopping the execution of any function. The best integrity protection solutions are based on cryptography and associated security mechanisms, such as digital signatures and message authentication.

Secure Boot
Secure Boot functionality utilizes a digital certificate-based chain of trust to help prevent malicious software applications from loading during the system start-up process.

These are just a few examples of security measures that developers have available to ensure the proper use and performance of the medical device in a healthcare setting.

If you are planning to attend MD&M West February 6-8 in Anaheim, stop by Wibu-Systems booth #976 and we’ll tell you more about protecting medical device end points and security.

Login or register now and enjoy all the benefits of a community!

To get the whole functionality of IndustryArena Forum you need to login or register. This process is absolutely free.

Password forgotten?
Contact request
Guest Photo
Your message
The controller within the meaning of Art. 4(7) GDPR is: IndustryArena GmbH, Schneiderstr. 6, 40764 Langenfeld, Germany.
You may reach our data protection officer under [email protected].

Purpose of processing
We process your personal data concerning the use of the contact form and the communication with the company of the newsroom as well as the transmission of your data to this company in accordance to Art. 6 (1a) GDPR. This constitutes a legitimate interest for us in accordance to Art. 6 (1f) GDPR.

Recipient of the data
Within our organization, those units gain access to your data, which are necessary to fulfil the above purposes.
Personal data will only be transmitted to third parties if this is necessary for the aforementioned purposes or if another legal basis exists. If necessary, we conclude the corresponding data protection agreements with third parties, in particular pursuant to Art. 28 GDPR.

Data storing
Your data will be transmitted to the company of the newsroom for further processing. The period of storing is the duration of the processing of your request by the respective company.

Select contact person

Newsroom Logo

Design options

  • Title text color:
  • Content background:
  • Content text color:
  • Navigation background:
  • Tab text color:
  • Active tab text color:
  • Link text color:
  • Active link text color:
  • Background image Background color:

    How do you want to position the background-image?

    Please note: Banners and skyscrapers are only saved for the current language. For other languages, change the language using the button at the top right.

    Set the link for the background image

  • Banner

    How do you like to align the banner?

    Please note: Banners and skyscrapers are only saved for the current language. For other languages, change the language using the button at the top right.

    Set the link for the banner

  • Skyscraper

    Set the link for the skyscraper

Please note:

Banners and skyscrapers are only saved for the current language. For other languages, change the language using the button at the top right.