Navigation Links
UMass Amherst, Harvard experts say better systems needed for medical device cybersecurity
Date:7/19/2012

AMHERST, Mass. Medical devices save countless lives, and increasingly functions such as data storage and wireless communication allow for individualized patient care and other advances. But after their recent study, an interdisciplinary team of medical researchers and computer scientists warn that federal regulators need to improve how they track security and privacy problems in medical devices.

Researchers from Beth Israel Deaconess Medical Center Harvard Medical School and the University of Massachusetts Amherst analyzed reports from decades of U.S. Food and Drug Administration's (FDA) databases and found that established mechanisms for evaluating device safety may not be suitable for security and privacy problems. The researchers, members of the Strategic Healthcare IT Advanced Research Projects on Security (SHARPS), report results in the current issue of the PLoS ONE journal.

Overall, they suggest a more effective reporting system for medical device cybersecurity should be established to catch security problems that otherwise could rapidly spread.

Computer scientist and medical device security expert Kevin Fu at UMass Amherst and electrophysiologist Daniel Kramer at Harvard recommend that federal surveillance strategies should "rethink how to effectively and efficiently collect data on security and privacy problems in devices that increasingly depend on computing systems susceptible to malware," to improve detection of problems that could affect millions of patients who use such devices for treatment from heart disease to diabetes.

Fu says that increasingly, wireless communication and Internet connectivity are used to control devices and transmit patients' information. But little is known about the prevalence of risks. Kramer, Fu and their colleagues set out to evaluate product recalls and adverse event reports in three comprehensive, publicly available databases maintained by the FDA: its own weekly enforcement reports of device recalls, its database of Medical and Radiation Emitting Device Recalls (MREDR) and the Manufacturer and User Facility Device Experience (MAUDE) database.

They did not find recalls or adverse events directly linked to security or privacy problems, despite a high prevalence of recalls related to software, plus fewer recalls related to patient data storage or wireless communication. While the lack of glaring security or privacy concerns through this search strategy may be reassuring, the authors also conclude that the current classification methods in these databases are not well suited to emerging types of device malfunctions.

Indeed, to test the effectiveness of the FDA's adverse event reporting mechanism for security and privacy problems, one co-author also submitted a software vulnerability report for an automated external defibrillator in July 2011. Nine months later, it was processed and made public. "As the time from discovery of a conventional computer security vulnerability to global exploitation of a flaw is often measured in hours, a nine-month processing delay may not be an effective strategy for ensuring the security of software-based medical devices," Fu and colleagues point out.

Software-related recalls may be of particular concern going forward, the experts add. Conventional malware has already infected clinical computing systems. For example, the Department of Veterans Affairs found a factory-installed device arrived already infected. And, Fu recently discovered that a medical device manufacturer's website for ventilator software had been infected with malware.

"Medical devices do a tremendous amount of good every day for many millions of people," says Daniel Chenok, chair of the U.S. National Institute of Standards and Technology's information security and privacy advisory board and vice president for technology strategy at IBM Global Business Services. He adds that the government needs to take steps to ensure that cybersecurity concerns don't make consumers think twice about whether a device is safe.

Earlier this year, Chenok wrote to Health and Human Services Secretary (HHS) Kathleen Sebelius that "lack of reported incidents also results from a lack of effective reporting mechanisms from clinical settings to the government about cybersecurity threats in medical devices." The point, he adds, is that "we really don't know what this cybersecurity problem looks like. What's the size of the issue, and how should the government best tackle it?"

The fundamental problem is vulnerabilities in medical devices, not the FDA's slow handling of them, adds Carl Gunter at the University of Illinois at Urbana-Champaign and director of the SHARPS group. "Of course, in an ideal world, devices would be free of security and privacy vulnerabilities, so it wouldn't matter if the announcement process is slow. But the technical obstacles are significant and FDA surveillance will be a key line of defense. The authors have done an important service pointing out the need to improve that system."


'/>"/>

Contact: Janet Lathrop
jlathrop@admin.umass.edu
413-545-0444
University of Massachusetts at Amherst
Source:Eurekalert  

Related biology technology :

1. UMass Amherst polymer scientists, physicists develop new way to shape thin gel sheets
2. Harvards Wyss Institute creates living human gut-on-a-chip
3. Harvards Wyss Institute develops DNA nanorobot to trigger targeted therapeutic responses
4. Niels Bohr Institute gets top researcher from Harvard
5. Maths experts question key ecological theory
6. TAKE Solutions Brings Together Leading Experts and TAKE Customers at “Converge 2012” to Discuss Business
7. Fusion presents low proliferation risk, experts conclude
8. Experts Strengthen Albright Stonebridge Groups Global Reach
9. Fusion presents low proliferation risk, experts conclude
10. Social networking shortcut to finding medical experts
11. Medical Experts Who Participated in CSL Behrings Key Issues Dialogue Prefer Albumin for Fluid Management
Post Your Comments:
*Name:
*Comment:
*Email:
Related Image:
UMass Amherst, Harvard experts say better systems  needed for medical device cybersecurity 
(Date:6/23/2016)... Calif. , June 23, 2016  Blueprint Bio, ... biological discoveries to the medical community, has closed its ... Matthew Nunez . "We have received ... with the capital we need to meet our current ... essentially provide us the runway to complete validation on ...
(Date:6/23/2016)... June 23, 2016 On Wednesday, June ... 4,833.32, down 0.22%; the Dow Jones Industrial Average edged 0.27% ... at 2,085.45, down 0.17%. Stock-Callers.com has initiated coverage on the ... Nektar Therapeutics (NASDAQ: NKTR ), Aralez Pharmaceuticals Inc. ... BIND ). Learn more about these stocks by ...
(Date:6/23/2016)... Prairie, WI (PRWEB) , ... June 23, 2016 ... ... consultancy focused on quality, regulatory and technical consulting, provides a free webinar ... is presented on July 13, 2016 at 12pm CT at no charge. , ...
(Date:6/23/2016)... June 22, 2016  Amgen (NASDAQ: AMGN ... QB3@953 life sciences incubator to accelerate the ... shared laboratory space at QB3@953 was created to help ... obstacle for many early stage organizations - access to ... sponsorship, Amgen launched two "Amgen Golden Ticket" awards, providing ...
Breaking Biology Technology:
(Date:5/9/2016)... 2016 Elevay is currently known ... freedom for high net worth professionals seeking travel for ... connected world, there is still no substitute for a ... sealing your deal with a firm handshake. This is ... advantage of citizenship via investment programs like those offered ...
(Date:4/28/2016)... and BANGALORE, India , April 28, ... Systems, a product subsidiary of Infosys (NYSE: INFY ... announced a global partnership that will provide end ... use mobile banking and payment services.      (Logo: ... key innovation area for financial services, but it also plays ...
(Date:4/26/2016)... and LONDON , April 26, ... of EdgeVerve Systems, a product subsidiary of Infosys ... announced a partnership to integrate the Onegini mobile ...      (Logo: http://photos.prnewswire.com/prnh/20151104/283829LOGO ) ... customers enhanced security to access and transact across ...
Breaking Biology News(10 mins):