Those of you who have been through our training or heard me speak to one of your organizations know that I touch on the subject of Network Connected Devices.
These devices are already in many practices and have been for some time. If you remember, a few years ago Vice President Dick Cheney had minor surgery to get a modification to his pacemaker to increase its security. Recently, researchers used a Bluetooth-enabled pacemaker to “kill” a patient simulator dummy in an educational setting.
With ease of access, the security level for these devices is going down.
What sorts of devices will become prevalent in our clinical operations? Pacemakers, insulin pumps, and even toothbrushes are already prevalent. IV delivery systems and ECG units have been wirelessly network connected for many years. So how easy is it for a criminal hacker to start the process of hacking a medical device?
Devices Easily Discoverable
The US alone has more than 36,000 healthcare-related devices that are easily discoverable on Shodan, a search engine for internet-connected devices! Not all are necessarily vulnerable to attack. They are, however, publicly exposed, making them more likely to be targets.
What can you do as a practice to safely utilize connected devices?
- Have strong firewalls at your network perimeter
- Ensure the device meets NIST (National Institute of Standards and Technology) standards
- Utilize consultants and specialists to evaluate overall security
- Segregate and separate “public” wireless from the practice network
- Keep all devices and systems patched and updated
By using a combination of best practices and common sense, you can improve patient quality of care with new technology, while maintaining safety and security of your patients and their data.
UPDATE – After this was posted, there was a major recall of pacemakers. The problem is that they could be hacked and the settings changed. Read about it here