Medical Device Security
Certain security controls and practices are advised when using network-enabled medical devices. Not all devices will support these controls, but research and security audits prior to purchase should help identify any flaws, as well as appropriate controls to compensate for the security risk.
Change Default Credentials
If a device is left with default credentials, it is highly vulnerable to attack and medical devices are no exception. Before any device is rolled out the default credentials should be changed and where you’re not able to change the default credentials, the account shouldn’t be used. Account credentials used in place of the default credentials should be compliant with organizational password policies.
Changing the default passwords can be ineffective if the device can be easily compromised with a brute force attack. Account lockout policies should be configured to block logins after multiple failed attempts over a short space of time.
Enable Secure Transport
Devices should be configured to only send data in a secure format and via secure protocols like SSH and HTTPS instead of insecure protocols like TELNET and HTTP. Insecure protocols should be disabled where possible.
Note that when enabling these secure protocols, the same protocols must also be supported on the electronic health records (EHR) interface side, as well as on any other systems that the device will be communicating with.
Take a spare copy of Firmware/Software
In the event that a device has been compromised or issues arise with the software, having a copy of the device's firmware or software is critical to restoring the device to a functional state in a timely manner.
Backup of Device Configuration
As well as the firmware/software needed to run the device, there are most likely custom configurations required for the device to function correctly on the organization's network. Backing up the custom settings after any changes are made will help to ensure that devices can be restored to functional status in a timely manner. It’s best practice to store one copy locally and another in a remote location to ensure recoverability in the event of a local disaster. Both locations should be secure.
Related to the controls above, baseline configurations should be established for each device to ensure the proper configuration of the device with regards to clinical functionality and security. In the event that a device-specific backup is not available, the baseline configuration can be applied to ensure the quick restoration of the device in a manner that is compliant with organizational security policies.
Baseline configurations should be stored in a secure location to prevent any tampering by unauthorized individuals. Organizations should ensure that their baselines are updated whenever approved changes are made to device configurations.
Medical devices should support encryption of any PHI and/or PII stored on the device. This feature will need to be turned on in case the device is stolen or an unauthorised user gains access to the physical device.
Different User Accounts
Separate user accounts and admin accounts should be set up on the device. In an ideal situation the admin account should be bound to the management interface and unusable on any internet-facing interface. Any accounts that aren’t in use should be removed or disabled.
Restrict access to Management Interface
The management interface on a device has the potential to do the most damage if compromised, as do administrative privileges on the device. Communication with this interface for making changes to the device should be locked down to authorized terminals only.
All devices will need to be updated at some point whether that’s via an automatic download or a manual download. There should be suitable measures put in place to identify the need for updates and to ensure the routine update of all medical devices so that unpatched vulnerabilities remain minimized.
From time to time, changes made to systems, whether intentionally or unintentionally, may introduce changes to the device. Compliance monitoring should be performed routinely to ensure that updates or other changes to the devices remain consistent with baseline configurations and organizational security policies.
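The following is an added example, not part of the original article or any vendor's tooling: a minimal compliance check that verifies a stored baseline has not been tampered with and reports where a device's running configuration has drifted from it. The setting names, addresses and sample configurations are constructed for illustration and do not follow any real device schema.

```python
import hashlib
import hmac
import json

# Constructed baseline; key names are hypothetical, not a vendor schema.
BASELINE = {
    "telnet_enabled": False,
    "http_enabled": False,
    "ssh_enabled": True,
    "https_enabled": True,
    "storage_encryption": True,
    "default_account_enabled": False,
    "lockout_threshold": 5,
    "mgmt_allowed_hosts": ["10.20.0.5", "10.20.0.6"],
}

def digest(config):
    """SHA-256 over canonical JSON, so key order does not change the hash."""
    canonical = json.dumps(config, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def baseline_untampered(baseline, recorded_digest):
    """Compare the baseline to the digest recorded when it was approved."""
    return hmac.compare_digest(digest(baseline), recorded_digest)

def find_drift(baseline, running):
    """Return (setting, expected, actual) for every deviation from baseline."""
    drift = []
    for key, expected in sorted(baseline.items()):
        actual = running.get(key, "<missing>")
        if isinstance(expected, list) and isinstance(actual, list):
            # Order of allow-list entries is not significant.
            if sorted(expected) != sorted(actual):
                drift.append((key, expected, actual))
        elif actual != expected:
            drift.append((key, expected, actual))
    # Settings on the device that the baseline never approved.
    for key in sorted(set(running) - set(baseline)):
        drift.append((key, "<not in baseline>", running[key]))
    return drift

# Constructed running config: TELNET re-enabled, extra management host added.
RUNNING = dict(BASELINE, telnet_enabled=True,
               mgmt_allowed_hosts=["10.20.0.5", "10.20.0.6", "10.20.0.99"])

if __name__ == "__main__":
    for setting, expected, actual in find_drift(BASELINE, RUNNING):
        print(f"DRIFT {setting}: expected {expected!r}, found {actual!r}")
```

The recorded digest should be kept separately from the baseline file itself, so that someone who can alter the baseline cannot also update the value it is checked against.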
There should be suitable security controls in place to ensure that physical access to medical devices is limited only to authorized individuals and that physical theft of the device is prohibited.
How AgosIT can help?
AgosIT combine years of experience from the Healthcare, Life Science and IT industries to understand and support the security controls and improvements required under regulation and best practice. To learn more about how AgosIT can support your organization, contact us today.