Wireless Monitoring: Risks, BenefitsSizing Up 'Medical Body Area Networks'
The FCC recently set aside broadband spectrum for wireless patient monitoring systems. How should the industry respond to the security risks? Medical device expert Dale Nordenberg, M.D., offers insight.
The wireless systems are known as Medical Body Area Networks, which use sensors attached to patients to monitor vital signs. The sensors, linked to a hub, transmit data to other information systems, Nordenberg says in an interview with Information Security Media Group's Howard Anderson [transcript below].
Nordenberg, who's founder of the Medical Device Innovation, Safety and Security Consortium, says an assessment from the consortium doesn't reveal any increased risk from a security perspective. "What we see is that the same risks that people have been talking about would continue to persist, and what we're recommending is that we still need to work closely together to better understand the security risks for malware and for hacking that are currently associated with wireless devices."
To better understand the risks and to ensure the necessary security protocols are in place around these Medical Body Area Networks, the consortium is developing a conceptual framework for security that spans a medical device's entire lifecycle.
Organizations, Nordenberg says, need to create organizational structures that allow IT and engineering groups to work together when wireless device networks are implemented.
Also, organizations need to be "effectively monitoring for malware in their environment because any increase in malware in their environment would clearly increase their likelihood that a medical device or a Body Area Network would be potentially impacted," Nordenberg explains.
In the interview, Nordenberg also discusses:
- Consequences of Medical Body Area Networks;
- Security issues to be mindful of;
- Steps organizations should be taking to thwart malware and other risks.
In addition to his role leading the consortium, Nordenberg, a pediatrician, is CEO of Novasano Health and Science, a consulting firm that focuses on leveraging the strategic application of information resources. He formerly was a managing director in the healthcare practice at PricewaterhouseCoopers. And from 2002 through 2007, he held various positions at the Centers for Disease Control and Prevention, including associate director and CIO at the National Center for Infectious Diseases and senior adviser for strategic planning in the CDC's office of the CIO.
Medical Device Consortium
HOWARD ANDERSON: Why don't you describe the consortium and its mission for us briefly?
DALE NORDENBERG: The Medical Device Innovation, Safety and Security Consortium was founded nearly two years ago by leading healthcare delivery organizations because of the concerns that they had about medical devices and their vulnerability to malware and hacking, and the potential patient impact. We're a public/private partnership. In addition to the healthcare delivery organizations, we have members from the medical device manufacturing community and the broader technology industry community, as well as important government agencies that we work closely with.
Overall, we have three key goals. The first goal is to build this robust public/private partnership with all the medical device stakeholders. The second goal is to better define the security risks related to medical devices digitally enabled and networkable medical devices, both wired and wireless, so that we can be data driven in the way we assess the risk and the way we intervene. And the third goal area is to work collaboratively to develop short, medium and long-term strategies and tactics to mitigate the risk associated with security vulnerabilities and medical devices.
Medical Body Area Networks
ANDERSON: The Federal Communications Commission recently voted to set aside protected broadband spectrum for wireless medical devices known as Medical Body Area Networks. Can you please describe these wireless patient monitoring systems and address the significance of this decision?
NORDENBERG: The Medical Body Area Networks is really an evolutionary technology that's the result of the increasing leverage of technology for the monitoring and delivery of therapeutic modalities to a patient. The Medical Body Area Network really consists of one or more sensors that are primarily attached to a patient's body that then communicates through a hub that can then take the data from these sensors, aggregate these data and then the hub has the capability to then transmit these data to other systems within a hospital or other potential vendor for example that would then use this data to provide to physicians or providers to deliver care.
The Medical Body Area Networks are important in that they extend the healthcare system's capability to monitor patients beyond a hospital setting. For example, the wireless medical telemetry systems that have traditionally been deployed in hospitals and the rules for which from the FCC were established over ten years ago, I think roughly in the year 2000 - those systems are distinct from Medical Body Area Networks in that they are designed to be built within the hospital, where as the Medical Body Area Networks are really now expanding the ability and are dealing with devices that are able to be used beyond hospital facility walls.
ANDERSON: These networks can be used in a doctor's office, a nursing home, or even a patient's home in addition to a hospital, is that right?
NORDENBERG: That's absolutely correct. And there are going to be interesting consequences associated with that, so that for example the ability to literally monitor a patient 24/7 will result in the collection of a tremendous amount of data, whereas we monitored before in a much more intermittent fashion, which meant that the way we established our understanding of physiology and body metrics, if you will, which were acquired on this intermittent basis, is going to now give us perhaps an interesting view and perhaps some challenges in terms of the way healthcare professionals interpret body-related biometrics, because we will have much more data over a much longer period of time. That might mean that we will see things that we never really saw before. In the coming couple of years, from an epidemiologic and from a clinical perspective, this 24/7 monitoring and the massive amount of data that it will present to us may give us interesting windows into physiologic and patho-physiologic processes that we didn't have in shorter windows of telemetry if you will.
Also, we believe - from a healthcare system and from a clinical perspective - the ability to monitor patients beyond the walls of a hospital really could represent major advancements in the way we can better treat patients, get perhaps to quicker diagnoses, be quicker to deliver the right interventions and do this all in a more cost-effective way. All of the stakeholders in the healthcare ecosystem really believe that there's tremendous potential with regard to this new technology.
ANDERSON: What security issues are raised by using these wireless monitors that you just described, the Medical Body Area Networks, and does the FCC's action to set aside spectrum for the devices have an impact on security?
NORDENBERG: From our current assessment, the deployment of Body Area Networks and specifically the allocation of dedicated spectrum looks like a very positive action. Firstly, everybody recognizes that spectrum is a limited commodity. The ability to dedicate spectrum to the Medical Body Area Networks represents a mechanism that could provide optimal functioning for these devices, in that it allows the FCC and other industries and other partners to better coordinate and manage the spectrum so that it would minimize the opportunity for interference between devices. From what we're seeing right now and from our current assessment, we don't see that this dedication of spectrum represents any increased risk from a security perspective. What we see is that the same risks that people have been talking about would continue to persist, and what we're recommending is that we still need to work closely together to better understand the security risks for malware and for hacking that are currently associated with wireless devices.
When we talk about these risks, we're really talking about the entire information supply chain, and in this case would involve not just the sensors and the way the sensors communicate with the hubs of the Medical Body Area Networks, but also how the data would move from these hubs to the other data aggregating systems within a healthcare ecosystem.
Steps to Thwart Malware
ANDERSON: As hospitals, clinics and nursing homes and others take advantage of the new spectrum dedicated to Medical Body Area Networks, what steps should they be taking to thwart malware threats and make sure hackers don't access these new Medical Body Area Networks devices?
NORDENBERG: Taken holistically, we have to look at the entire ecosystem. The way our consortium is approaching this is we're developing a conceptual framework for security that really spans the whole life cycle of a medical device. What we mean by that is we need to not only look at what's happening within the organization, but also what's happening in the technology and the medical device manufacturing arena as well, because our ability to mitigate these vulnerabilities really rests on all of our shoulders, all the participants in this ecosystem.
If you're looking at the organization, if you're looking at the healthcare delivery organization, from that perspective what they can do is create organizational structures that really help the healthcare IT groups in the HDO, or the healthcare delivery organization, and the biomedical engineering groups. Have those two communities working very closely together so that when new devices are purchased or new medical device networks are implemented, from a wireless perspective [and] from a Body Area Network perspective, these two groups - the biomedical engineering group and the IT group - are working really closely together, because we see one of the major risks being that these two groups can often work in silos and therefore present IT and specifically security risks.
The other is to help ensure that the HDO is really very effectively monitoring for malware in their environment because any increase in malware in their environment would clearly increase their likelihood that a medical device or a Body Area Network would be potentially impacted and similarly looking at best practices for preventing hacking. Frankly, we see that the unintentional consequences of malware and its potential adverse impact on a medical device are probabilistically much more important than hacking. Hacking does not scale very well. Even if a device is hackable and it's been clear evidence that one or more medical devices are vulnerable to hacking, it would be a big effort to hack many devices simultaneously.
However, we clearly recognize the ability of malware on a very large scale to potentially disrupt more than one device and whole networks. So monitoring and doing robust surveillance is really critical from a malware perspective, and then understanding the fact that malware innovation is so robust that the healthcare delivery organization needs to be equally robust in its vigilance and its technologies that it deploys to monitor malware. From a consortium perspective what we're trying to do is work across many different healthcare delivery organizations to leverage the community to do the surveillance more effectively and to keep up innovation in surveillance and mitigation to try to keep pace with the innovation in the malware community.
From the perspective of the manufacturer, what our consortium is working on is to really help manufacturers understand what the vulnerabilities are and what the challenges are for the implementation, not of a single device or a single type of a device, but the healthcare delivery organization, which is the patient care entity, has the challenge of actually managing security and safety across literally thousands or tens of thousands of devices and how they interoperate with each other, and this is a very different risk profile than a single device.
What we're doing is we're leveraging our healthcare delivery organization leadership group to actually deliver a series of recommendations that will help manufacturers understand the challenges in the healthcare delivery organization, and to hopefully give them a roadmap for developing security features that will make the healthcare delivery organization environment a much safer one. In the short term, we can work at the organizational level and surveillance level, but really the medium and long-term objective is to help industry better understand the challenges so that the devices evolve and the coming design cycles [are] much safer.
ANDERSON: Are the security issues involved in Medical Body Area Networks dramatically different than the security involved in other wireless medical devices?
NORDENBERG: No. We believe that the security risks are essentially the same. In fact, the technologies that will be used in the Medical Body Area Networks are very similar essentially to the wireless technologies used in our current wireless telemetry networks. The good news is that from an innovation perspective that means that the medical device community can rapidly innovate in the area of Medical Body Area Networks. And also, it means that we for the most part believe that we understand the security risks because we're familiar with them in the current wireless medical world. Briefly, no we don't believe there's any increased risk and in fact we believe that we will be leveraging common technologies and we'll be able to address the security risks based on what we know already.