As wireless telehealth grows, security must grow with it
Advances in wireless connectivity are helping to deliver better care for patients and greater efficiency for clinicians and staff within hospitals. More medical devices and applications are being attached to hospital-wide Wi-Fi networks to automate updates of electronic health records and clinical information systems.
While technology plays an important role in improvements to care delivery, it also places a priority on medical device security, as well as network security, uptime, and performance. Connected medical devices need secure and reliable connectivity with various applications.
Today’s hyperconnected hospital environment is creating new and escalating security concerns. Such concerns are increasingly justified. Although the information security technology protecting these devices is getting better, many of them continue to be relatively easy to hack.
The vulnerability and potential risk posed by connected medical devices was clearly highlighted late last year by two security researchers, Scott Erven and Mark Collao, at the DerbyCon 2015 security conference in the United States. According to the researchers’ findings, over 68,000 medical systems are potentially exposed online. An unsecured Wi-Fi network has the potential to provide an additional vulnerable point of entry for a determined hacker.
In December last year, medical device security expert, Todd Cooper, issued a warning about wireless medical devices at the SRI Security Conference at Edith Cowan University. At the event, he dubbed the emerging generation of wireless devices, such as pacemakers, as ‘a ticking time bomb’.
While stressing that no cyber criminals had yet been known to hack into a medical device with the objective of physically harming a patient, Cooper’s presentation highlighted the risks such technology presents.
This is a clear example of why security considerations go wider than just the device itself: it’s also critical to evaluate the security of the wider enterprise networks used within the hospital or care setting. The design and implementation of the technical architecture, for example, are essential to ensuring that connected devices and mission-critical applications work reliably, quickly and securely.
Testing times for healthcare IT
The wireless healthcare ecosystem is a complex market. Healthcare mobility requirements demand a high degree of secure roaming, while ensuring a persistent connection to core systems. Data sheets specifications might show compliance with standards such as 802.11i, but it’s only proprietary manufacturer testing that validates the reliability of roaming in the device.
As such, medical device manufacturers should stress test their products under enterprise roaming conditions, with the full range of security applications that would be deployed in normal usage. The best way to accomplish this is to conduct proactive testing using an ecosystem-testing model that mirrors the healthcare enterprise.
In Wi-Fi patient monitoring, it is paramount that vital signs and alarms be transmitted with 100 per cent reliability. Validation testing for roaming handoffs from access point to access point while maintaining enterprise security connections is imperative.
With ongoing advancements in Wi-Fi technology, any updates to device software and applications also require testing. A continuous testing lifecycle should start during device or application development, then continue through live deployment. Continuous testing ensures that the device or application will still meet approved use requirements, after launch.
Testing best practices
Here’s a checklist of testing best practices for the development of healthcare devices that are exposed to a patient and a healthcare facility network.
- Testing should occur at the earliest point during design to verify that the wireless local area network (WLAN) or network technology chosen works as promised.
- Upfront testing will serve as the foundation for regulatory submission, and also help to develop the correct deployment guidelines and support requirements in the field.
- Continuous testing must be part of the internal regulatory process. Such validation is also needed throughout the product lifecycle to meet security and quality of service requirements of many life-critical applications.
WLAN deployments for healthcare environments should also include a site assessment to measure the performance of multiple client devices and quantify the end-user experience in real-world network environments, including:
- Measuring the wireless experience from the user or client perspective.
- Creating a live network ecosystem to assess how devices and applications perform and co-exist in real world environments.
- Modeling ‘what if’ scenarios as new users, devices, applications, and technologies are added to the network over time.
Healthcare is still on a learning curve for leveraging wireless technology for medical devices. Security and reliability of such devices are a major concern. Following best practices resulting from hospitals that have successfully deployed reliable wireless networks will help to accelerate adoption, and improve the quality of healthcare.
Areg Alimian is senior director for solutions marketing at Ixia
Email: [email protected]