The Solution to Medical Device Security Also Could Save Tens of Thousands of Lives and Millions of Dollars


February 24, 2017
Evolver, Inc.

The cybersecurity of medical devices has become a major topic in the news in the last year as stories about the vulnerabilities of the Hospira Infusion System [1] and the St. Jude implantable devices [2] hit the front pages. The threat to patient safety through cyber-attacks on devices has even risen to the level of Congressional hearings [3]. Numerous stories have been written on the subject and multiple conferences have been held, including FDA public workshops [4]. Consequently, the FDA has published pre- and postmarket guidance documents [5] for device manufacturers. Understandably, many of the discussions are focused on how to design protection into future devices, which may require design changes that will take several years before they are available for deployment in hospitals. One answer to the medical device security problem, however, may actually save thousands of lives per year and save hospitals millions of dollars.

Most of the discussion around medical devices has focused on how the companies building the devices can either make their newest devices more secure or modify existing devices to improve their security posture. The reality is that many of the devices cost tens of thousands of dollars and have operating lives of five to fifteen years. A hospital is not going to replace these devices solely because of a cyber vulnerability; it is just not practical. So the devices that are in the hospitals are likely to be there for quite a long time. Therefore, the cybersecurity solution has to assume that existing legacy devices have to be made more secure.

Many Devices, Many Alerts, Many Deaths

Hospitals require a myriad of medical devices to deliver modern healthcare, and many of these devices generate alarms or alerts when patient or device parameters are out of an acceptable range.

[Figure 1]
Most medical device alarms are nuisance (or non-actionable) alarms that don't require intervention by a doctor or nurse; they resolve by themselves. Medical staff are bombarded by alarms, which eventually desensitizes them to the alarms' criticality. Additionally, the alarms alone are not sufficient: they do not put the problem in the context of the overall patient status, complicating decisions and actions. As shown in Figure 1, excessive alarms are a well-recognized problem, since 85-99% of alarm signals do not require clinical intervention.

This type of alarm fatigue is just one part of an alarming safety problem. According to the 2013 Journal of Patient Safety, between 210,000 and 440,000 patients each year who go to the hospital for care suffer some type of preventable harm that contributes to their death [6]. In May 2016, Johns Hopkins released a study indicating that deaths from medical errors are the third-highest cause of death in the U.S., behind cancer and heart disease [7]. The rapid growth of technology has provided opportunities for new clinical information systems and capabilities that should be decreasing preventable harms. Despite the promise implicit in these new technologies, there is increased information overload and alarm fatigue.

A Flawed Connectivity Architecture for Medical Care and Cybersecurity

The rapid growth of technology over the past twenty years has resulted in a lot of new clinical information being available. Unfortunately, there was never a patient-centric device integration architecture for these devices, and many have been integrated through a series of one-off, one-to-one, and proprietary systems. As shown in Figure 2, a common patient environment has numerous devices all providing independent data through individual displays and unique interfaces to medical staff. As devices proliferate, so does the complexity of both device management and information correlation. Caregivers must become information integrators at the same time as they are dealing with the heavy demands of caring for patients. The introduction of new devices to improve patient care is hampered by the concern of further complicating device management and information correlation.

Figure 2, courtesy of [http://1.bp.blogspot.com/-s-npz1g0-3y/ufre7r339yi/aaaaaaaaac8/s2w59_5qcu8/s1600/ch W4.jpg edited by JM Goldman, MD]

The ad-hoc connectivity typical of medical devices shown in Figure 3 also is a challenge to cybersecurity. In cyber terms, each of those red dots is an attack surface that can be exploited as part of a cyber-attack. Increasingly, devices use wireless data connectivity, making the attack surface even broader. Furthermore, since many of the devices were made wireless with little cyber protection in the design, the attack surface may be broad and immature, a very bad situation from a cybersecurity perspective. As mentioned earlier, these devices cost tens of thousands of dollars and will likely be in use for years before replacement.

Saving Lives and Protecting Hospital Infrastructures

Interestingly, the approach that enables safer care and the one that improves cybersecurity are the same: a change in architecture. The recommended change is the result of research performed by Dr. Julian Goldman and his team at Massachusetts General Hospital (MGH), funded by the National Institutes of Health, National Science Foundation, and U.S. Army over the past twelve years. Dr. Goldman is the Medical Director of Biomedical Engineering for Partners HealthCare System and an anesthesiologist at MGH. He founded the Medical Device Plug and Play (MD PnP) Interoperability program in 2004 to promote patient safety and clinical care by leading the development of patient-centric integrated clinical environments (ICE) [8]. Years of collaborative work resulted in an international standard for a platform-based ICE architecture, ASTM F2769 [9].

DocBox

An important outcome of Dr. Goldman and the MD PnP program's research collaborations has been the development of the first commercial ICE platform by DocBox, Inc. DocBox, Inc., headquartered in Newton, MA, developed a point-of-care ICE platform for use at the bedside. The DocBox implementation changes the overall architecture of the clinical environment from a series of independent devices into an interoperable platform. Figure 3 shows the current architecture, both networking and data, that is employed in clinical environments today.

[Figure 3]

Under the ICE approach, the architecture changes dramatically. The devices communicate with a DocBox unit at each bed that then normalizes the data and provides a correlated view to the caregiver at the bedside. Instead of being presented with numerous potentially partial and differing views of information from individual devices, the caregiver sees a contextually aware, integrated view of the patient through apps which run on the platform. The platform enables the development and deployment of apps which can reduce alarm fatigue.

Reducing Attack Points

The change in architecture also has another positive outcome: it reduces the cybersecurity attack surface of the clinical environment. As described before, the current environment has numerous attack points using devices that were not built with strong cyber protections. The implementation of the ICE architecture with DocBox reduces the attack surface to one unit at each patient. Furthermore, increased capabilities can be built into the interface layer of the DocBox that communicates with the devices, providing a greater level of security. Figure 4 shows the reduced attack surface and improved cyber protection in moving from the current environment to a DocBox-driven clinical environment.

[Figure 4]

Another advantage of this architecture is that new technologies can be introduced into the environment without a major increase in cybersecurity risk to the facility network. Logical and business-driven decisions can be made on devices, as opposed to restricting capability growth because of concern over introducing new technologies into the network.

Saving Patients, Protecting Devices

Three important capabilities of an ICE / DocBox implementation are:

- the core mission of healthcare, saving the lives of patients, can be achieved
- there is a significant increase in patient care efficiency, which reduces costs
- addressing one of the major issues facing clinical facilities today: cybersecurity

The DocBox platform is undergoing its first implementations today and is expected to be available in the US in late 2017. As hospitals and other facilities begin to tackle the cyber challenge, rather than spending a lot of money on new devices and cyber tools, that money would be better directed toward changing the architecture of clinical care, which saves lives and money and protects the cyber posture of the facility.