In the popular American TV series that aired on ABC in the 70s, Steve Austin is the “Six Million Dollar Man”, a former astronaut with bionic implants. The show and its spinoff, The Bionic Woman (Lindsay Wagner playing a former tennis player who was rebuilt with bionic parts similar to Austin after a parachuting accident)[…]
If you are a HIPAA covered entity or a business associate vendor to a HIPAA covered entity, the question of HIPAA, that is, the question of securing patient data, is central to your business. If you are a big organization, you probably don’t need my advice – since you have a lot of money to spend[…]
From a recent article in Healthcare Global. Studies suggest that 30-50 percent of patients are likely to give up treatments early. Microsoft Research has developed an innovative, hand-held medical device called Anatonme to help patients understand their issue and complete their treatment plan more often. We’ve been doing research and development into private, controlled social[…]
Beyond the firewall – data loss prevention. What a simple idea. It doesn’t matter how they break into your network or servers – if attackers can’t take out your data, then you’ve mitigated the threat. Data loss prevention is a category of information security products that has matured from Web / email content filtering products[…]
Saw this item on Gigaom. George Colony, the chairman and CEO of Forrester Research, re-ignited a minor firestorm recently, with a presentation at the LeWeb conference in which he argued that the web is dead, and being replaced by the app economy — with mobile and smartphone apps that leverage the cloud or other services rather than[…]
I think it’s only a question of time before we have a drive-by execution of a politician with an ICD (implanted cardiac device). I’ve been talking to our medical device customers about mobile security of implanted devices for over a year now. I gave a talk about mobile medical device security at the Logtel[…]
What is more important – patient safety or the health of the enterprise hospital Windows network? What is more important – writing secure code or installing an anti-virus?
Software Associates specializes in helping medical device vendors achieve HIPAA compliance and improve the data and software security of their products in hospital and mobile environments.
A threat analysis was performed on a medical device used in intensive care units. The threat analysis used the PTA (Practical Threat Analysis) methodology.
Our analysis considered threats to three assets: medical device availability, the hospital enterprise network and patient confidentiality/HIPAA compliance. Following the threat analysis, a prioritized plan of security countermeasures was built and implemented, including the issue of propagation of viruses and malware into the hospital network (see Section III below).
Installing anti-virus software on a medical device is less effective than implementing other security countermeasures that mitigate more severe threats – ePHI leakage, software defects and USB access.
A novel benefit of our approach is derived by providing the analytical results as a standard threat model database, which can be used by medical device vendors and customers to model changes in risk profile as technology and operating environment evolve. The threat modelling software can be downloaded here.
I’m getting some push back on LinkedIn on my articles on banning Microsoft Windows from medical devices that are installed in hospitals – read more about why Windows is a bad idea for medical devices here and here. Scott Caldwell tells us that the FDA doesn’t rule “out” or “in” any particular technology, including Windows[…]
Ethical breaches or data breaches. I was standing in line at Ben Gurion airport, waiting for my bag to be x-rayed. A conversation started with a woman standing next to me in line. The usual sort – “Where are you traveling and what kind of work do you do?”. I replied that I was traveling[…]
In a previous post The Microsoft Monoculture as a threat to national security, I suggested that the FDA might consider banning Windows as an operating system platform for medical devices and their accompanying information management systems. One of my readers took umbrage at the notion of legislating one monoculture (Microsoft) with another (Linux) and how[…]