[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ISN] CIO weighs the dilemma of medical device FDA security updates


By Patrick Ouellette
Health IT Security
February 27, 2013

As John D. Halamka, MD, is CIO of Beth Israel Deaconess Medical Center (BIDMC), notes in a recent blog post, dealing with medical device security can certainly be a hassle for CIOs on a number of levels.

One of the major barriers in securing these devices is the fact that many healthcare organizationsâ legacy systems are out of date and need to be replaced or somehow updated. Halamka mentioned an example of devices that BIDMC uses from a major manufacturer that internally use Windows NT as the operating system (OS) and the Apache 1.0 web server. There are no patches around to help protect these devices from hacks and malware. So instead, Halamka and BIDMC have built device firewalls for safeguards. Itâs safe to say that not every organization has the expertise and resources available to build these firewalls on the fly, so this remains a huge issue. Furthermore, manufacturers rarely allow product mappings that would allow these executives to form and manage the firewalls.

FDA 501k certification is another hurdle that organizations need to deal with, as manufacturers have stated that an upgrade or software patch would require re-certification. Of course, there are two sides to every story and the FDA claims that both organizations and manufacturers have to collaborate in keeping these devices secure.


Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!