Cybersecurity, healthcare and medical devices….and “hacking”. This is a overused word perhaps today, somewhat like the trendy word “awesome”. A tremendous amount has been written about this, but some of the most basic perhaps need to be re-enforced. (See link to the educational seminar that Integra Systems, Inc. provided for General Electric Healthcare) last year}
http://www3.gehealthcare.com/en/education/clinical_education/cybersecurity_essentials_for_healthcare
Being involved with high secure environments for many years; security is about providing layers and layers of security and using common sense. Part of our challenge today is the mobility world we live in; the increasingly connected IOT environment…and a somewhat lazy security understanding and response. All these now connected mobile devices and the IOT world, could provide unique “back doors” of entry. For example one major retailer was compromised when the somewhat insecure HVAC networked connected enterprise allow a “back door” to the corporate environment. Once the intruder got in they were able to learn the social behaviors of the company, figure the administration passwords, then strike at the appropriate time at the POS (point of sale terminals), then vanish.
Pretty much all the medical device vendors have gone down the route of implementing WLAN and connecting to the enterprise network. A whole lot of business reasons support this from the smart infusion pump to WMTS becoming legacy for patient monitoring. It saves a lot of costs and drives down risk. The bottom line; if correctly architected WLAN for any medical device is secure and can provide the right quality of service for the application intended. However, it does not stop just there. The WLAN enterprise network providers are constantly doing things to improve security almost on a month-to-month basis. The WLAN medical device companies should look at these changes as major league positive, but they should also continue to test, validate and verify their FDA approved WLAN medical device against these new changes as well as the ongoing changes approved by IEEE 802.11 specification.
If we go back to the area of “hacking”, this is an area where you now need to think about the basics. For example, how complex and different are your passwords for each application, how often do you change them, do you use biometric or two step authentication? Do you log in and out with time outs?
Do you take time to slow down to look at perhaps phishing emails, and have the appropriate network appliances to filter these out? What layered enterprise security strategy do you have in place? These are some of what I consider some of the foremost companies in the security space to take a look at.
www.ixiacom.com
www.trapx.com
www.fireeye.com
www.extremenetworks.com
As a side, I never rely upon my network carrier in my home for security; I create my own internal secure layered enterprise network.
