MassDevice

The Medical Device Business Journal — Medical Device News & Articles | MassDevice

Home » Crafting the security roadmap

Crafting the security roadmap

By

By John D. Halamka, MD

Dr. John Halamka

Per the theme of security assessment I’ve been posting about, part of crafting a multi-year security roadmap is examining technologies and practices that have limited use in healthcare but are widely deployed in other industries.

Application Security Testing –  Vendor applications including those with FDA 510k approval may have security vulnerabilities.   Testing third party products with source code analysis tools can find defects that are missed by traditional vulnerability scanning software.   Related to Application testing is third party vendor management.   Testing and verifying the security of cloud hosted service providers and business associates is becoming a best practice.

Data Loss Prevention – Although many healthcare organizations have strict policies on the use of email, social networking, cloud storage, remote access, and mobile devices, it’s increasingly import to have technology in place that enforces policies, preventing users from violating policy by sending data to non-secured locations i.e. sending patient information to a referring clinician who uses Gmail.   Many vendors offer appliances that quarantine, notify, restrict, and manage the flow of email containing person identified information/protected healthcare information.    Related to DLP is a strategy to prevent use of unencrypted storage devices – thumb drives, DVDs, CDs etc.

Adaptive Authentication  –  Critical applications, including email, enterprise resource planning, and clinical applications deserve increased authentication rigor.   For example, if a user is not typically outside the US and suddenly logs in from an unexpected location, then the user should be challenged with an additional factor.  Approaches could include a secret question or a one time PIN code sent to a known cell phone.  Such applications can also perform a risk analysis of authentication events to detect anomalies, including authentication events using compromised accounts and suspect IP addresses.

As with other posts on such topics, I look forward to comments about your plans and experiences in these areas.

In addition to his CIO role at BIDMC, Dr. Halamka blogs at GeekDoctor.blogspot.com.

In case you missed it

RSS From Medical Design & Outsourcing

  • Ga. warehouse workers sue Sterigenics, ConMed over EtO exposure
    Fifty-three people who worked in an Atlanta-area warehouse that stored medical devices sterilized by ethylene oxide (EtO) filed suit this week against Sterigenics and its parent company over exposure to the gas. The plaintiffs or their families claim that long-term EtO exposure to the sterilized devices, which they unloaded, handled, warehoused and distributed, caused multiple… […]
  • FDA eases regs on certain device changes during pandemic
    The FDA will allow limited changes to certain devices so medtech companies can address manufacturing and supply chain issues due to COVID-19-related disruptions. In a guidance released yesterday, the agency said it would allow changes to devices approved through its premarket approval (PMA) and humanitarian device exemption (HDE) pathways as long as those changes do… […]
  • 15 heart devices that could boost their manufacturers’ sales
    Before the coronavirus pandemic hit, medtech companies large and small were making notable news with a number of innovative heart devices. Some of these same companies took a big hit to their bottom lines when the danger of spreading COVID-19 and using up precious personal protective equipment convinced hospitals to limit non-urgent procedures. Now hospitals… […]
  • This wearable could help people practice safe distancing amid COVID-19
    Imec spinoff Lopos, with the Ghent University (Belgium) announced the Lopos SafeDistance wearable for promoting safety during the COVID-19 pandemic. As businesses attempt to return to in-person activities, the collaboration designed the wearable device to warn employees through an audible or haptic alarm when they are violating social distancing guidelines as they approach each other.… […]
  • FDA launches COVID-19 research initiative
    The FDA has entered an agreement with healthcare analytics company Aetion to research urgent questions about COVID-19. The New York City-based company said the research will support FDA objectives to explore the natural history of the disease, as well as treatment and diagnostic patterns using relevant, novel data sources and analyzing these data according to well-established principles.… […]
  • Medtronic execs see quick recovery, increased M&A
    If Medtronic’s troubling Q4 report offers a snapshot of a company hit hard by COVID-19, the next image in the sequence may show a faster-than-expected recovery and increased merger-and-acquisition of smaller companies. In the quarterly call on Thursday morning, Medtronic CEO Geoff Martha and CFO Karen Parkhill expressed optimism that the company’s businesses already are showing signs… […]
  • Webinar: How COVID-19 is changing medical device regulation, clinical trials and reimbursement
    Tuesday, June 23, 2020 11:30 a.m. eastern time / 8:30 a.m. pacific time     As the life sciences industry works to contain the COVID-19 outbreak, it is clear that the dynamics of the medical device and digital health industries are being disrupted. Going virtual is the new normal and executives of medtech and healthtech… […]
  • IMDRF recommends UL 2900 compliance for medical device cybersecurity
    By Stewart Eisenhart, Emergo Group Recent guidance published by the International Medical Devices Regulators Forum (IMDRF) that covers medical device cybersecurity best practices includes recommendations that manufacturers comply with the UL 2900 set of standards for network-connectable devices. Get the full story here at the Emergo Group’s blog. The opinions expressed in this blog post… […]
  • Goddard teams with Swab56 on COVID-19 test swabs
    Mechanical engineering and industrial design company Goddard announced that it is working with the Swab56 Project to rapidly increase the production of Swab56’s test swabs, which are used in healthcare facilities to test for COVID-19. As news reports have documented, traditional nasopharyngeal swabs are in short supply as healthcare facilities around the world struggle to keep… […]
  • This patient-mover got an emergency COVID-19 nod from the FDA
    AR Tech, a division of A&R Tarpaulins, announced today that the FDA has granted an EUA for its Patient Isolation Transportation Unit (PITU) to help hospitals better manage the COVID-19 pandemic. “PITU is a game-changer in this fight against the pandemic because it is a negative pressure isolation enclosure that makes working with highly contagious diseases… […]
  • Sommetrics lands ISO 13485 certification
    Sleep apnea treatment device startup Sommetrics announced yesterday that its quality management system has been certified to the ISO 13485:2016 standard. During the audit process required for certification, Sommetrics was also evaluated and found to be in compliance with the standards of the Medical Device Single Audit Program (MDSAP) for Canada. “This is an important… […]

Leave a Reply

MASSDEVICE MEDICAL NETWORK

DeviceTalks
Drug Delivery Business News
Medical Design & Outsourcing
Medical Tubing + Extrusion

MASSDEVICE

Subscribe to MassDevice
Advertise with us
About
Contact us

Add us on Facebook Follow us on Twitter Connect with us on LinkedIn Follow us on YouTube