[ISN] CIO weighs the dilemma of medical device FDA security updates

From: InfoSec News <alerts_at_private>
Date: Mon, 4 Mar 2013 00:42:29 -0600 (CST)

By Patrick Ouellette
Health IT Security
February 27, 2013

As John D. Halamka, MD, CIO of Beth Israel Deaconess Medical Center (BIDMC), 
notes in a recent blog post, dealing with medical device security can certainly 
be a hassle for CIOs on a number of levels.

One of the major barriers in securing these devices is the fact that many 
healthcare organizations’ legacy systems are out of date and need to be 
replaced or somehow updated. Halamka mentioned an example of devices that BIDMC 
uses from a major manufacturer that internally use Windows NT as the operating 
system (OS) and the Apache 1.0 web server. No patches are available to 
protect these devices from hacks and malware, so Halamka and BIDMC have 
instead built device firewalls as safeguards. It’s safe to say that not every 
organization has the expertise and resources available to build these firewalls 
on the fly, so this remains a huge issue. Furthermore, manufacturers rarely 
allow product mappings that would allow these executives to form and manage the 

FDA 501k certification is another hurdle that organizations need to deal with, 
as manufacturers have stated that an upgrade or software patch would require 
re-certification. Of course, there are two sides to every story and the FDA 
claims that both organizations and manufacturers have to collaborate in keeping 
these devices secure.


Received on Sun Mar 03 2013 - 22:42:29 PST