Biomedical devices in contemporary hospitals and other care delivery environments are necessarily ubiquitous. They are instrumental for delivering excellent health care.
We conducted a security risk assessment at a 400-bed hospital and found the following:
For IT security practitioners, such biomedical devices are often a bane.
For various reasons, including unclear regulatory direction, many biomedical devices use outdated operating systems that run applications built with inadequate software security. As a result:
In most hospitals we assess, devices are rarely segregated into virtual LANs (VLANs) that provide an added measure of safety. Instead, a virus that infiltrates, say, an old infusion pump running an unpatched version of Windows 2000 can propagate like wildfire, bringing the main hospital network to a crawl or even fully disabling it. Another example of a security hole is the use of an unsecured or poorly secured wireless connection that is easily exploitable by an attacker with rudimentary wireless hacking equipment.
Obviously the ramifications for a hospital are tremendous. Information is the lifeblood of modern hospitals. From admitting to billing, and from labs and diagnostic machines to electronic medical record repositories, a modern hospital cannot function without reliable information.
For medical device companies, we conduct a thorough data-flow-based risk analysis of your device. This can include risks:
Techumen’s approach, and accompanying risk assessment report, follows the recommended FDA method for gauging risk and addresses the following elements:
Medical device manufacturers must adhere to strict guidance from the FDA. A risk assessment is now a requirement for any medical device that is to be connected within a provider network. Techumen’s analysis provides an expert independent assessment of your risks and how they should be mitigated.