Posts tagged "RISK"

Tip Of The Week – RISKs To Protect Your Medical Device From the Next Cyber Security Attack

July 9th, 2017 | Posted by Software Lifecycle Management

Author: Rami Azulay | Master ALM for Medical Device

In this article we have compiled a set of RISKs that you may want to consider in your RMF file to better protect your medical device from future cyber security attacks. While the 2017 data is still sketchy, a new report from the American Action Forum shows that security hacks of electronic medical records more than doubled in 2015, costing the healthcare system at least $50 billion. The cyber security attacks of 2017 have not spared health care systems, so we must address how to handle such breaches.

It is our goal at ORCANOS to address health care systems security. We are seeking to come up with truly practical actions that any medical device vendor can perform. Through our ORCANOS | RISK management system, you can address cyber security events related to medical devices. The system is now available on our evaluation system; you may register on our web site, www.orcanos.com.

A RISK-based approach is the best way for any medical device vendor to both analyse and mitigate cyber security breaches. The RISK system also forces the vendor to walk through the device design analysis in order to understand where security breaches are possible.

In this post we present a shortened version of the RISK-based process, update you on recent cyber attacks, and suggest how you can handle them based on your device. The full list of RISKs is available for FREE on our evaluation system.

Electronic Health Record Systems

The most widely attacked systems at this time are Electronic Health Record (EHR) systems. These attacks are not EHR-specific; they also impact other systems that are connected to the EHR. While the adoption of EHR systems promises tremendous benefits, including better care and decreased healthcare costs, serious unintended consequences have emerged from the implementation of these systems. Why is healthcare data such a target? For one, data indicate that health care information is worth 10 to 20 times more than credit card information on the black market (selling for at least $10 each). Additionally, compared with credit card data, medical information can be used in different ways: to access bank accounts, defraud insurers and governments, and obtain prescriptions.

So here are 4 ways to control this risk.

Hazard: Electronic health records can be compromised

Cause Of Failure: EHR systems may
  • Have been developed from erroneous or incomplete design specifications;
  • Be dependent on unreliable hardware or software platforms;
  • Have programming errors or bugs;
  • Work well in one context or organization, but be unsafe or fail in another;
  • Change how clinicians do their daily work, thus introducing new potential failure modes.

Effect Of Failure: Impact of Electronic Health Record Systems on Information Integrity: Quality and Safety Implications

Risk Control:
  • Inoculate system by encrypting data-at-rest
  • Conduct an annual HIPAA security risk analysis
  • Conduct more frequent vulnerability assessments and penetration testing
  • Invest in the security awareness of your workforce

Pacemakers or insulin pumps vulnerability to high profile attacks

The recent introduction of the Internet of Things (IoT) into medical device software has significantly exposed it to potential cyber attacks. One case study discusses an attack on a “smart” insulin pump. According to the study, a hacker could kill the patient by ordering an insulin injection when none was needed. So-called “smart” devices are notoriously weak when it comes to digital security. We have seen too many high-profile cases where significant, preventable damage was done. Equipment manufacturers often can’t be bothered to build reasonable security measures into the equipment they sell. This means that if your device is in some way connected to a network, it is critical that you ensure that access to your device is only possible by authorized personnel, and that your communication protocols are all encrypted or scrambled to the highest level of network-layer security.

Hazard: Pacemakers or insulin pumps vulnerability to high profile attacks

Cause Of Failure: There are ways for a hacker to spoof communications between the remote control and the insulin pump

Effect Of Failure: Potentially forcing the pump to deliver unauthorized insulin injections

Risk Control: Those communications need to be encrypted, or scrambled, to prevent hackers from gaining access to the device
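The risk control above, sketched as an added example (not part of the original post or of any ORCANOS product): a remote-to-pump command frame carrying an HMAC-SHA256 tag and a message counter, so the pump rejects spoofed, altered or replayed commands. The frame layout, opcode, dose limit and key are assumptions made for illustration; the sketch covers authentication and freshness only, and payload encryption would be layered on top.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32                      # HMAC-SHA256 output size in bytes
HEADER = struct.Struct(">IBH")    # counter (u32), opcode (u8), dose in 0.01 U (u16)
OP_BOLUS = 0x01                   # hypothetical opcode
MAX_BOLUS_CENTIUNITS = 1000       # hypothetical device safety limit: 10.00 U


def build_frame(key: bytes, counter: int, opcode: int, dose: int) -> bytes:
    """Remote side: serialize the command and append an HMAC tag."""
    body = HEADER.pack(counter, opcode, dose)
    return body + hmac.new(key, body, hashlib.sha256).digest()


class PumpReceiver:
    """Pump side: accept a frame only if it is authentic, fresh and in range."""

    def __init__(self, key: bytes):
        self._key = key
        self._last_counter = 0

    def accept(self, frame: bytes) -> str:
        if len(frame) != HEADER.size + TAG_LEN:
            return "reject: malformed"
        body, tag = frame[:HEADER.size], frame[HEADER.size:]
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):    # constant-time compare
            return "reject: bad tag"
        counter, opcode, dose = HEADER.unpack(body)
        if counter <= self._last_counter:             # replayed or stale frame
            return "reject: replay"
        self._last_counter = counter                  # authentic frame consumes the counter
        if opcode != OP_BOLUS or dose > MAX_BOLUS_CENTIUNITS:
            return "reject: out of policy"
        return f"deliver {dose / 100:.2f} U"


if __name__ == "__main__":
    key = bytes(range(32))   # constructed demo key; real keys are provisioned per device pair
    pump = PumpReceiver(key)
    frame = build_frame(key, counter=1, opcode=OP_BOLUS, dose=250)
    print(pump.accept(frame))                                      # genuine command
    print(pump.accept(frame))                                      # same frame replayed
    print(pump.accept(build_frame(b"x" * 32, 2, OP_BOLUS, 250)))   # sender without the key
```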

There are far more RISKs we would like you to know about, which can help you improve existing security and protect your device from the next cyber security attack. Over the past 12 years, ORCANOS has gathered intelligence and experience to provide you with the best system to manage security RISKs. Go ahead and register today for your FREE 30-day evaluation system.

Why there is a change in the approach regarding labeling as RISK mitigation

July 24th, 2013 | Posted by 510(k), CE Marking, FDA, IEC60601, ISO 14971, Recall, RISK Assessment, Risk Management

A recent recall of the Bryan Medical Tracoe Mini 3.0mm Tracheostomy Tube (class 1 recall, mislabeled packaging; see http://www.healthcarepackaging.com/trends-and-issues/regulatory/bryan-medical-tracoe-mini-30mm-tracheostomy-tube-class-1-recall/) has proven some of the justification for the change in approach to using labeling as part of RISK mitigation. In this case, we should expect the RISK assessment to show that labeling is not the only means of differentiating between the different devices: packaging and coloring on the device could also be good ways to do so. Such a mistake in labeling could affect patient safety, since an oversized tracheostomy tube may cause permanent injury to the trachea. This product may cause serious adverse health consequences, including death. When we perform a RISK assessment and decide to use labels as mitigation, we may want to consider mistakes in packaging and address such cases as well, or even make a change by design to avoid use of the device in the wrong application.
