Transcript Ransomware

MEDICAL DEVICE
CYBER SECURITY:
Protecting our Devices
in an Unsafe World
MD EXPO
October 7, 2016
Danielle McGeary, MS BME
Chief, Clinical Engineering
VA Boston Healthcare System
SECURITY – What is It?
se·cu·ri·ty, noun, \si-ˈkyur-ə-tē\
1. The quality or state of being secure
2. Freedom from danger
3. Freedom from fear or anxiety
4. Measures taken to guard against espionage or sabotage, crime, attack, or escape
CLINICAL ENGINEERING CONSOLIDATED PROGRAM
Information Security
Protecting information and information systems (including computers, medical devices and networks) from:
• Unauthorized access
• Unauthorized use
• Unauthorized alterations
• Unauthorized interruptions
• Devastation
The Threat Is Real!
Ransomware
• Ransomware is targeting hospitals for large sums of money
– Nearly one half of all U.S. hospitals reported at least one ransomware attack during the past year.
• Ransomware is computer malware that installs covertly on a victim's computer, executes a cryptovirology attack that adversely affects it, and demands a ransom payment to restore it.
• The US government reported recently that there have been 4,000 daily ransomware attacks so far in 2016!
The Challenges and How the Industry Got Here
• Over the past 10 years, the Medical Healthcare Industry has increasingly demanded more intelligent and reliable clinical systems and medical devices that work seamlessly together.
• The mandate of “Meaningful Use” (requiring hospitals to have EHRs) for CMMS reimbursement has driven the Medical Device Industry to become very IT embedded.
• 35 Billion Dollar Federally Funded Incentive Program
• This incentive program pushed tens of thousands of healthcare providers into the digital age before the industry was ready.
• Because FDA compliance is required at each phase in medical device design (from concept to clinical trial to product launch and servicing), compliance often results in process latency.
– Until 6 months ago, an Ultrasound Machine not running Windows XP was not available.
The Shift in the Clinical Engineering Field
• Clinical Engineering is no longer managing standalone devices – we are managing networked systems
– Telemetry Systems, Physiological Monitoring, and Flow Sheets
– Infusion Pumps and Drug Libraries
– Radiology PACS connected to various imaging modalities (e.g. CT, MRI, CR, DR)
– Telehealth
– PDAs
– EKG Carts
• All devices want to “talk” directly to the Electronic Health Record (EHR)
• Increased Cyber Threat
– As medical systems communicate over the IT network, they become more susceptible to malware (computer viruses, worms, Trojan horses, ransomware, spyware, etc.).
Major Challenge: Non-Supported Microsoft OS
Non-Supported Microsoft Operating Systems
– Windows XP (April 2014)
– Windows Server 2003 (July 2015)
– Windows XP Embedded (January 2016)
Why is this a Problem for Medical Devices?
– No Security Updates
– No protection from viruses, spyware and malicious software that may alter Medical Device Function
New VA National Mandate
The Acting Deputy Under Secretary for Health for Operations and Management issued a memo on March 4, 2016 stating that all Medical Devices and Clinical Systems running on a non-supported Microsoft Operating System (OS) must be replaced no later than February 28, 2017.
A New Approach to Planning for Medical Equipment
How does this affect VA Boston?
45 Systems: >300 Individual Medical Devices: 20 million dollars
Pre-Procurement Medical Device Risk Analysis
• MDS2 Form (VA 6550 Form)
• Access Control List (ACL) Communication Profile Form
– Medical Device Communication to Build ACL
– Create Virtual LANs
• Medical Device/System OIT Network Connectivity
– Network connected and function tested.
[Diagram: MDS2 or 6550 → ACL Communication Profile → Connect Medical Device/System on Network]
Manufacturer Disclosure Statement for Medical Device Security (MDS2)
The Role of Healthcare Providers in the Security Management Process
1. The provider organization has the ultimate responsibility for providing effective Medical Device Security Management. Device Manufacturers can assist Clinical Engineering with Medical Device Cyber Security by providing the following information:
• The type of data maintained/transmitted by the device
• How the data is maintained/transmitted by the device
• The OS the device is utilizing
• Any security features that are incorporated into the device design
2. In order to effectively manage medical information security and comply with relevant regulations, hospitals must employ administrative, physical, and technical safeguards – most of which are extrinsic to the actual device.
Manufacturer Disclosure Statement for Medical Device Security (MDS2)
HIMSS and NEMA recommend that the information in the MDS2 form be used as part
of each organization’s security compliance and risk assessment efforts.
VA Directive 6550, Appendix A Form
MDS2 Form
MEDICAL DEVICE RISK ANALYSIS
MEDICAL DEVICE ISOLATION ARCHITECTURE
• VLAN
– One Unique VLAN per Manufacturer and Like Medical Devices/Systems
  • Siemens Healthcare SOMATOM Definition Flash and SOMATOM Force CT Scanners: 1 VLAN
  • Philips Healthcare Ingenuity Flex3 CT Scanner and Pinnacle3 Treatment Planning: 2 VLANs
– IP Range Assigned to VLAN (e.g. 1.1.1.1 – 1.1.1.20)
  • More IPs assigned than medical devices (Growth)
• ACL
– Information Pulled from ACL Communication Profile Form
– Least Number of Connections Necessary to Support Function
– .txt File Uploaded to Router
Access Control List (ACL)
• Access lists filter network traffic by controlling whether routed packets are
forwarded or blocked at the router’s interfaces
• Provide security for networks
• Decide which types of traffic are forwarded or blocked at the router
interfaces.
Access Control Lists (ACLs)
• Can apply up to two access lists to an interface: one inbound access list and one outbound access list
• If the access list is inbound, when the router receives a packet, the software checks the access list’s criteria statements for a match. If the packet is permitted, the software continues to process the packet. If the packet is denied, the software discards the packet.
• If the access list is outbound, after receiving and routing a packet to the outbound interface, the software checks the access list’s criteria statements for a match. If the packet is permitted, the software transmits the packet. If the packet is denied, the software discards the packet.
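Added example (not part of the original presentation): a Python sketch of the ACL workflow described on the isolation-architecture and ACL slides, turning a communication profile into the least set of permit rules and checking packets against them in order. The addresses, ports, purposes and the text rule format are constructed assumptions, not any vendor's syntax or the VA's actual form.

```python
import ipaddress

# Constructed communication profile for one device VLAN (documentation
# address ranges; ports and purposes are illustrative assumptions).
PROFILE = [
    # (protocol, source, destination, destination port, purpose)
    ("tcp", "192.0.2.0/27", "198.51.100.10/32", 104, "DICOM to PACS"),
    ("tcp", "192.0.2.0/27", "198.51.100.20/32", 2575, "HL7 to EHR interface"),
]

def build_acl(profile):
    """Turn profile rows into ordered permit rules plus an explicit final deny."""
    rules = [("permit", proto, ipaddress.ip_network(src),
              ipaddress.ip_network(dst), port)
             for proto, src, dst, port, _purpose in profile]
    any_net = ipaddress.ip_network("0.0.0.0/0")
    rules.append(("deny", "ip", any_net, any_net, None))
    return rules

def render(rules):
    """Plain-text form of the rule list, e.g. for review before upload."""
    lines = []
    for action, proto, src, dst, port in rules:
        tail = f" eq {port}" if port is not None else ""
        lines.append(f"{action} {proto} {src} {dst}{tail}")
    return "\n".join(lines)

def evaluate(rules, proto, src, dst, port):
    """First matching rule decides; a packet matching nothing is discarded."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, r_proto, r_src, r_dst, r_port in rules:
        if r_proto not in ("ip", proto):
            continue  # rule is for a different protocol
        if s in r_src and d in r_dst and r_port in (None, port):
            return action
    return "deny"

if __name__ == "__main__":
    acl = build_acl(PROFILE)
    print(render(acl))
    # Profiled DICOM traffic is forwarded; SMB to the same host is discarded.
    print(evaluate(acl, "tcp", "192.0.2.5", "198.51.100.10", 104))
    print(evaluate(acl, "tcp", "192.0.2.5", "198.51.100.10", 445))
```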
MEDICAL DEVICE ISOLATION ARCHITECTURE
Removable Media
MAJOR SOURCE OF MEDICAL DEVICE INFECTIONS!
How do we Protect Medical Devices from Removable Media?
• Have a Medical Center Mobile Medical Policy
• Have computers in the Clinical Engineering Department for scanning all removable media
• Require vendors to check in with the Clinical Engineering Service to scan all mobile media prior to servicing/upgrading devices
• Removable media MUST be scanned EVERY TIME it enters the facility
• Install USB Locks on Medical Devices (Deterrent not Prevention)
Patching of Medical Devices and
Medical Servers
• Approval and authorization are obtained from the medical device/system manufacturer in a written statement.
• Determine who will provide updates (Manufacturer, Field Service Engineer, or Clinical Engineering)
• Patches and updates are downloaded manually during the scheduled planned maintenance.
• Should Patching PMs be generated monthly like performance verification PMs?
– How do we track and prove that this is being done?
– Must be tracked separately from traditional PMs.
Keep Your Devices Organized
NETWORKED MEDICAL DEVICE DATABASE
Medical Device Information
• IP Address
• Machine Network Name
• Machine Location
• Electronic Entry Number
• Description
• Responsible Staff
• Manufacturer
• Operating System
• Anti-Virus Software
Virtual Local Network Information
• VLAN Number
• Common Name
• Location
• Network Start (Network Address)
• Network End (Broadcast Address)
• Subnet Mask
• Function
• System Manufacturer
• ACL Name
• VLAN Type
• Notes
• DHCP
• Reserved IP Addresses (Core, Network Address, Broadcast Address)
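Added example (not part of the original presentation): a Python audit over records shaped like the database fields listed above, flagging devices whose operating system is past the end-of-support months given on the earlier slide and devices whose IP address falls outside their VLAN's range or on a reserved address. The device names, VLAN number and addresses are constructed sample data.

```python
import ipaddress
from datetime import date

# End-of-support months as listed on the unsupported-OS slide (year, month).
END_OF_SUPPORT = {
    "Windows XP": (2014, 4),
    "Windows Server 2003": (2015, 7),
    "Windows XP Embedded": (2016, 1),
}

# Constructed sample records using the database fields named above.
VLANS = {
    210: {"start": "192.0.2.0", "end": "192.0.2.31", "reserved": ["192.0.2.1"]},
}
DEVICES = [
    {"name": "CT-01", "ip": "192.0.2.5", "vlan": 210, "os": "Windows 7"},
    {"name": "US-02", "ip": "192.0.2.6", "vlan": 210, "os": "Windows XP"},
    {"name": "PACS-GW", "ip": "192.0.2.40", "vlan": 210, "os": "Windows Server 2003"},
    {"name": "EKG-07", "ip": "192.0.2.1", "vlan": 210, "os": "Windows XP Embedded"},
]

def audit(devices, vlans, as_of):
    """Return {device name: [findings]} for records that need attention."""
    findings = {}
    for dev in devices:
        issues = []
        eos = END_OF_SUPPORT.get(dev["os"])
        # Flag once the audit month is later than the end-of-support month.
        if eos and (as_of.year, as_of.month) > eos:
            issues.append("unsupported OS")
        vlan = vlans.get(dev["vlan"])
        if vlan is None:
            issues.append("unknown VLAN")
        else:
            ip = ipaddress.ip_address(dev["ip"])
            lo, hi = (ipaddress.ip_address(vlan[k]) for k in ("start", "end"))
            # Network start and end are the network and broadcast addresses,
            # so a usable device address lies strictly between them.
            if not lo < ip < hi:
                issues.append("IP outside VLAN range")
            elif dev["ip"] in vlan["reserved"]:
                issues.append("IP is a reserved address")
        if issues:
            findings[dev["name"]] = issues
    return findings

if __name__ == "__main__":
    for name, issues in audit(DEVICES, VLANS, date(2016, 10, 7)).items():
        print(name, "->", ", ".join(issues))
```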
Keep Your Devices Organized
• Have IP Addresses Listed in your CMMS and Networked Database
• Have an accurate list of servers
– Computer Names
– IP Addresses
– Location
• Servers/Computers/Devices
– Manage your ACLs
– Know what user accounts are available
– Application Entity (AE) Titles for Radiology Devices
– WiFi Information
Passwords
Best Practices:
• Combination of letters, numbers and special characters
• Upper and Lower case letters
• Changed Frequently
• Should not be the vendor’s default password
• Should not be written down
• Should not be used for more than one account
Challenges:
• Vendors utilize default passwords and instruct hospitals not to change them.
• Medical Devices and Software often do not have a feature to instruct users to change their passwords
Networked Device Incident Response
• HAVE A PLAN IN PLACE!
• Define a Responding Team
– e.g. Clinical Engineering, Chief Information Officer, Information Security Officer (ISO), and Vendor
– Have a command center/conference line ready
• Know Clinical Engineering’s Role:
– Identify the source of the incident (infection) and physically remove it from the network.
– Scan the device for infection
– Work with the vendor to reimage the device
– Put the device back into use
– DOCUMENT the incident
– Report to proper channels (FDA) if appropriate
• Ransomware is a HIPAA breach
Questions?