Medical Device Security Challenges

Behind lifesaving medical devices are Cyber Experts hard at work to secure and protect Patient Health Information (PHI). Check out this video on securing medical devices.

Cutting-edge medical devices save lives! Beyond saving lives, they rely on complicated communication vectors and carry a unique set of security challenges. Cyber security expert Lee Neubecker sits down with Sterling Medical Devices’ top engineer, Keith Handler, who develops cyber protection and security for their clients’ medical devices.

Sterling Medical Devices helps companies design and develop mechanical & electronic medical devices and follows them through FDA approval. The conversation is educational and important to those interested in knowing how medical devices are cyber protected and secured. In this video, they outline the concerns that relate to the control, security, and confidentiality of the patient’s health information (PHI) when using these medical devices.

The transcript of Part 1 of our Series in Medical Device Security

Lee Neubecker: Hi, I have Keith Handler here on my show from Sterling Medical Devices. Keith is a top engineer here that helps ensure cybersecurity and resilience and protection of medical devices of their clients. They help assist through the FDA certification process. Keith, thank you, thank you for being on my show.

Keith Handler: Thanks for having me, Lee.

LN: So can you tell me a little bit about what your firm does and how it helps clients in cybersphere?

KH: Yeah, sure. Sterling Medical Devices is a 13485 certified product development firm. We help various companies design and develop electro-mechanical medical devices. Pretty much from, anything from concept all the way to submission to the FDA.

LN: So, can you tell everyone what, ISO…?

KH: 13485?

LN: 13485 Certification means?

KH: Yes that is, that is the ISO standard that defines the product development and manufacture of medical devices. It defines all the processes that we generally run our business by.

LN: Okay, so what are some of the concerns that you have as it relates to the patient personalized information, sometimes known as PHI? Is that right?

KH: Yeah, patient health information, that’s correct. Well, you know, our first concern, of course, with any medical device is safety. We want to make sure that the devices are treating patients as intended and not presenting any undue harm to the patient or anybody else. The second thing is the Patient Health Information. It’s very important that we maintain confidentiality for all patients, in any of these systems. Diagnostics, their personal information, all need to be protected.

LN: These devices, they have PHI, they also have, they also are involved with the generation of electronic medical records, known as EMR, that feed into the various hospital systems that are used to provide and deliver healthcare to users. As it relates to this, what are some of the top concerns that you try to address as it pertains to safety for your clients?

KH: Well, when it comes to information or command and control that can be done remotely on a device, it’s again important to maintain the integrity of those communications, and to protect everything there. One of the hardest aspects, I would say, is integrating a medical device into a larger hospital system. We may have control over the confidentiality of the information, and of the commands that are sent and received within a device, but as soon as we connect to an external system we lose control of that data. So, it becomes a unique challenge to try and make sure we are protecting, and not only in our system but also in any system ours might integrate with.

LN: Yeah, and there’s such a myriad of ways devices connect, Bluetooth, wifi–

KH: Yes.

LN: I’m not sure if medical devices use infrared or–

KH: Yes.

LN: Near band communication, but there are all these vectors of communication that create new threats and potentials for compromise.

KH: And typically medical hardware is pretty cutting edge, you know, some of the things that they’re trying to treat now still can’t. So all of these things that you’re bringing up, all exist in medical, all need to be protected.

LN: Great, so in our next segment we’ll be talking a little bit more about the FDA, the certification process, and some of the standards that devices might undergo to help ensure adoption by the FDA, and to make them commercially viable to be sold in the United States. And then, in our third segment, we’ll talk more about protecting devices against cyber compromise, the firmware and software that gets embedded into these devices, and other things that should be done to help keep medical devices safe and secure. Thanks for being on the show today.

KH: Thanks again for having me, Lee.

Related Materials on Medical Malpractice

Forensic Imaging

See more about Sterling Medical Devices on their website.

See other related websites for more information about Medical Device security.

FDA ISO Standards

FDA Medical Device Cybersecurity Guidelines


Tech Tips for Keeping Your Devices Secure When Traveling

Lee Neubecker, President & CEO of Enigma Forensics, sits down with travel expert Robbie Gold. Together they discuss the ins and outs of securing your technical devices when traveling, including devices that may help you in the event of a power outage, and cool tips to help keep your belongings and technology safe. Check out this video that outlines what we believe to be the best practices to travel securely.

This video contains easy, important tips to secure your technical devices while traveling.

The video transcript follows

Lee Neubecker (LN): Hi, I have Robbie Gold, President of Travel Center Tours on my show today, to talk a little bit about travel, the travel industry, as well as cyber tips that I’m going to give him to help his clients. Robbie, thanks for being on the show.

Robbie Gold (RG): Thank you, Lee. So, when my clients are traveling out of the United States, what information can you give us on cyber safety that they would need to use while traveling?

LN: Yeah, well, certainly, first you want to make sure that you have all your important documents, including your credit card numbers, the phone numbers to dial, you want to have that information with your travel agent or alternatively, you want to have that documentation put up into the Cloud but encrypted so no one else can get to it but so that you can access it if your bags are stolen and you lose your documents.

RG: And what about if they lose their credit cards, besides reporting them to the credit card company?

LN: Yeah well you know, reporting to the credit card company is important, I, usually, like if you have American Express, they’ll ship you a card next day, in those circumstances, to your hotel but it’s not a bad idea to arrange to have someone on hand, to make sure you have someone on hand that has funds that they can wire to you and what I’d recommend is if you’re going to do that, establish a secret, you know, password in person, don’t text it, don’t email it but give them some phrase or something so that they know that it’s really you asking for it and not a scam by, you know, some type of dubious person trying to impersonate you.

RG: Okay and then what other cyber tips can you give the clients, as far as traveling?

LN: Well, one thing that I’d recommend is getting a VPN, a virtual private network, for your smartphone and your laptop and what this does is it creates a tunnel, if you’re on a hotel network or on a cruise ship, it will create an encrypted tunnel between you and your email or you and your bank provider or your airline or even Netflix and it will let you get that information without the cruise ship or the hotel kind of getting in the middle of your communications.

RG: So, that would make everything secure for you?

LN: It would make it much more secure. Express VPN is one I like, it doesn’t cost much and you can get it for multiple devices and it will also let you often access content that the hotels and the cruise ships purposely try to slow down, so.

RG: Okay, what about for information, once you’re at the destination?

LN: Well, what I’d recommend is, before you get to the destination, there’s a great app called and it allows you to download travel guides for your destination and you’re able to have preloaded maps, that even if you don’t have your data plan on, you can still navigate and it will tell you, based on your GPS coordinates, what’s around you and it can help you find a coffee shop, it can help you get back to port and it gives you kind of like a, you know, a navigation but in your hand, without a data plan and that’s really nice, especially if you’re trying to explore and you don’t want to get lost.

RG: And let’s say something happens and we either lose our laptop or our cell phone, is there anything we should have done to make our trip easier?

LN: Well, I’d recommend, before you leave, always back up your laptop and always back up your cell phone and if you’re really paranoid going through security, in some countries, they might randomly inspect your cell phone and the contents and if you work in a sensitive industry or you have patient medical records or other trade secrets or sensitive PII, you want to, you may want to consider wiping the phone after you’ve backed it up and then after you get through a security checkpoint and you have an internet connection, you can then restore your phone back and you won’t have a risk of someone inspecting and getting access to your phone contents.

RG: Okay and I always hear about people having problems when they’ve used bank ATMs or certain things, where people have gone over and they put a shell over them so what kind of safe practices should we use for both our computer and while traveling?

LN: Yeah, well, what’s nice, when you travel in Europe, usually, they don’t take the credit card away from you, they bring the reader to you and you get to see everything happen there. You might want to consider, though, getting a temporary credit card from your credit card company and certainly notifying them where you’re traveling, that’s important because, if you don’t let them know that you’re traveling to a certain country, there’s a good chance your card will be shut off and you know, you can also use some of those preloaded gift cards as a way to you know, protect your account but you know, monitoring is key, if you’re checking your account balances if you set up alerts with your bank, a lot of times, you can get a daily email or an email every time a transaction hits and then you’ll know if something’s happened.

RG: Well and one of the other things I know I’ve done is I’ve put on that there can only be one or two transactions per day and then put the dollar amount on so I would have to call the bank to open it up if I was making a major purchase.

LN: So, when you go to the casino in Las Vegas.

RG: Correct.

LN: You have your bank on speed dial?

RG: Exactly, now what about doing some of these things where I need a charger or you know, I’m getting ready to plug in my computer into one of the USB ports, is that safe or?

LN: Yeah, well, it’s possible that those USB charging stations you see in the airports, especially in some foreign countries, that when you plug it in, your phone could get injected with spyware. So, I’d recommend that you’d travel with your own power brick, you know, one of the things I highly recommend is this solar charging, it’s a battery pack and flashlight so you can use it to signal and you can keep it with you in your backpack and if you’re going out to the beach or sitting on a cruise by the pool, you can lay it out, get sun and you can charge multiple devices with it, without having to plug in. But certainly, bring your power brick as well and I like these, they have these combination cords that have all three of the popular tips so it’s, you know, one less of the cords to carry.

RG: Oh, it’s very convenient.

LN: So, this device, I’d recommend, it’s the HI-S025 solar charger, that’s really nice and then if you’re also looking at gadgets and other things, this won’t keep you cyber secure but it might help you sleep at night if you’ve got someone snoring. It’s an OontZ speaker, Bluetooth speakerphone that’s also shower-proof so that’s kind of nice.

RG: Okay, so let’s recap all the things that you said. We should bring copies of our documents and make sure they’re in the Cloud, we should have a contact where we might want to wire money to us and have a secret phrase, install a VPN, if you’re looking for local things once you arrive, you want to download, backup your laptop and your cell phone–

LN: And make sure that you load the cities you’re going to before you get there so that you have the maps preloaded.

RG: Okay, perfect and you want to back up your laptop and your cell phone and if you do have secure information on there, you might consider wiping it clean and then reloading it once you’ve been through security, you want to make sure you’re practicing with a safe USB and consider an alternate solar-power source, in case you need to charge your phone or your laptop.

LN: And one last thing, if you haven’t heard of these, they’re called Tiles and you can attach them to your key chain, you can also put ’em inside of your bags so if someone were to grab your bag with your important documents and you had this inside, you can go to the local authorities and you might have a chance of actually recovering the bag so this is another proactive measure, these are, you can get four of them for somewhere around 100 dollars.

RG: Okay.

LN: Great.

RG: I think these are great tips, thank you.

LN: Thank you, Robbie, it’s been great having you on.
