Transcript Ransomware
MEDICAL DEVICE
CYBER SECURITY:
Protecting our Devices
in an Unsafe World
MD EXPO
October 7, 2016
Danielle McGeary, MS BME
Chief, Clinical Engineering
VA Boston Healthcare System
1
SECURITY– What is It?
se·cu·ri·ty
noun
\si-ˈkyur-ə-tē\
1.
The quality or state of being secure
2.
Freedom from danger
3.
Freedom from fear or anxiety
4.
Measures taken to guard against espionage or
sabotage, crime, attack, or escape
CLINICAL ENGINEERING CONSOLIDATED PROGRAM
2
Information Security
Protecting information and information systems (including
computers, medical devices and networks) from:
Unauthorized access
Unauthorized use
Unauthorized alterations
Unauthorized interruptions
Devastation
CLINICAL ENGINEERING CONSOLIDATED PROGRAM
3
The Threat Is Real!
CLINICAL ENGINEERING CONSOLIDATED PROGRAM
4
Ransomware
• Ransomware is targeting
Hospital’s for large sums of money
- Nearly one half of all U.S.
hospitals reported at least one
ransomware attack during the past
year.
• Ransomware is computer
malware that installs covertly on a
victim's computer, executes a
cryptovirology attack that adversely
affects it, and demands a ransom
payment to restore it.
• The US government reported
recently that there have been
4,000 daily ransomware attacks so
far in 2016!
CLINICAL ENGINEERING CONSOLIDATED PROGRAM
5
The Challenges and How the Industry Got Here
• Over the past 10 years, the Medical Healthcare Industry has increasingly demanded more intelligent
and reliable clinical systems and medical devices that work seamlessly together
• The mandate of “Meaningful Use” (Requiring Hospitals to have EHRs) for CMMS reimbursement has
driven the Medical Device Industry to become very IT imbedded.
• 35 Billion Dollar Federally Funded Inventive Program
• This incentive program pushed tens of thousands of healthcare providers into the digital age before
the industry was ready.
• Because FDA compliance is required at each phase in medical device design (from concept to clinical
trial to product launch and servicing), compliance often results in process latency.
– Until 6 months ago an Ultrasound Machine not running Windows XP was not available
CLINICAL ENGINEERING CONSOLIDATED PROGRAM
6
The Shift in the Clinical Engineering Field
• Clinical Engineering is no longer managing stand alone Devices – we are
managing networked Systems
–
–
–
–
–
–
Telemetry Systems, Physiological Monitoring, and Flow Sheets
Infusion Pumps and Drug Libraries
Radiology PACs connected to various imaging modalities (eg: CT, MRI, CR, DR)
Telehealth
PDAs
EKG Carts
• All devices want to “talk” directly to the Electronic Health Record (EHR)
• Increase Cyber Threat
– As medical systems communicate over the IT network they become more
susceptible to malware (computer viruses, worms, trojans horses, rasomware,
spyware, etc.).
CLINICAL ENGINEERING CONSOLIDATED PROGRAM
7
Major Challenge: Non Supported Microsoft OS
Non Supported Microsoft Operating Systems
– Windows XP (April 2014)
– Windows Server 2003 (July 2015)
– Windows XP Embedded (January 2016)
Why is this a Problem for Medical Devices?
– No Security Updates
– No protection from viruses, spyware
and malicious software that may alter
Medical Device Function
CLINICAL ENGINEERING CONSOLIDATED PROGRAM
8
New VA National Mandate
Acting Deputy Under Secretary for Health for Operations and Management
issued a memo on March 4, 2016 stating that all Medical Devices and Clinical
Systems running on a non-supported Microsoft Operating System (OS) must
be replaced no later than February 28, 2017.
CLINICAL ENGINEERING CONSOLIDATED PROGRAM
9
A New Approach to Planning for Medical Equipment
How does this effect VA Boston?
45 Systems: >300 Individual Medical Devices: 20 million dollars
UTILIZATION
CLINICAL ENGINEERING CONSOLIDATED PROGRAM
10
Pre-Procurement Medical Device Risk Analysis
• MDS2 Form (VA 6550 Form)
MDS2 or 6550
• Access Control List (ACL) Communication Profile Form
– Medical Device Communication to Build ACL
– Create Virtual LANs
• Medical Device/System OIT Network Connectivity
ACL
Communication
Profile
– Networked connected and function tested.
Connect Medical
Device/System
on Network
CLINICAL ENGINEERING CONSOLIDATED PROGRAM
11
Manufacturer Disclosure Statement for Medical Device
Security (MDS2)
The Role of Healthcare Providers in the Security Management Process
1. The provider organization has the ultimate responsibility for providing effective
Medical Device Security Management. Device Manufacturers can assist Clinical
Engineering with Medical Device Cyber Security by providing the following
information:
•
•
•
•
The type of data maintained/transmitted by the device
How the data is maintained/transmitted by the device
The OS the device is utilizing
Any security features that are incorporated into the device design
2. In order to effectively manage medical information security and comply with relevant
regulations, hospitals must employ administrative, physical, and technical safeguards
– most of which are extrinsic to the actual device.
CLINICAL ENGINEERING CONSOLIDATED PROGRAM
12
Manufacturer Disclosure Statement for Medical Device
Security (MDS2)
HIMSS and NEMA recommend that the information in the MDS2 form be used as part
of each organization’s security compliance and risk assessment efforts.
VA Directive 6550, Appendix A Form
CLINICAL ENGINEERING CONSOLIDATED PROGRAM
MDS2 Form
13
MEDICAL DEVICE RISK ANALYSIS
CLINICAL ENGINEERING CONSOLIDATED PROGRAM
14
MEDICAL DEVICE ISOLATION ARCHITECTURE
• VLAN
– One Unique VLAN per Manufacturer and Like Medical Devices/Systems
• Siemens Healthcare SOMATOM Definition Flash and SOMATOM Force CT Scanners: 1
VLAN
• Philips Healthcare Ingenuity Flex3 CT Scanner and Pinnacle3 Treatment Planning: 2 VLANs
– IP Range Assigned to VLAN (e.g. 1.1.1.1 – 1.1.1.20)
• More IPs assigned than medical devices (Growth)
• ACL
– Information Pulled from ACL Communication Profile Form
– Least Number of Connections Necessary to Support Function
– .Txt file Uploaded to Router
CLINICAL ENGINEERING CONSOLIDATED PROGRAM
15
Access Control List (ACL)
• Access lists filter network traffic by controlling whether routed packets are
forwarded or blocked at the router’s interfaces
• Provide security for networks
• Decide which types of traffic are forwarded or blocked at the router
interfaces.
CLINICAL ENGINEERING CONSOLIDATED PROGRAM
16
Access Control Lists (ACLs)
• Can apply up to two access lists to an interface:
one inbound access list and one outbound
access list
• If the access list is inbound, when the router
receives a packet, the software checks the
access list’s criteria statements for a match. If
the packet is permitted, the software continues
to process the packet. If the packet is denied,
the software discards the packet.
•
If the access list is outbound, after receiving
and routing a packet to the outbound interface,
the software checks the access list’s criteria
statements for a match. If the packet is
permitted, the software transmits the packet. If
the packet is denied, the software discards the
packet.
CLINICAL ENGINEERING CONSOLIDATED PROGRAM
17
MEDICAL DEVICE ISOLATION ARCHITECTURE
CLINICAL ENGINEERING CONSOLIDATED PROGRAM
18
Removable Media
MAJOR SOURCE OF MEDICAL DEVICE INFECTIONS!
CLINICAL ENGINEERING CONSOLIDATED PROGRAM
19
How do we Protect Medical Devices from
Removable Media?
• Have a Medical Center Mobile Medical Policy
• Have computers in Clinical Engineering
Department for scanning all removable media
• Require vendors check in with the Clinical
Engineering Service to scan all mobile media
prior to servicing/upgrading devices
• Removable media MUST be scanned EVERY TIME
it enters the facility
• Install USB Locks on Medical Devices (Deterrent
not Prevention)
CLINICAL ENGINEERING CONSOLIDATED PROGRAM
20
Patching of Medical Devices and
Medical Servers
• Approval and authorization is obtained by medical device/system
manufacturer in a written statement.
• Determine who will provide updates (Manufacturer, Field Service Engineer,
or Clinical Engineering)
• Patches and updates are downloaded manually during the scheduled
planned maintenance.
• Should Patching PMs be generated monthly like performance verification
PMs?
– How do we track and prove that this is being done?
– Must be tracked separately from traditional PMs.
CLINICAL ENGINEERING CONSOLIDATED PROGRAM
21
Keep Your Devices Organized
CLINICAL ENGINEERING CONSOLIDATED PROGRAM
22
NETWORKED MEDICAL DEVICE DATABASE
Medical Device Information
• IP Address
• Machine Network Name
• Machine Location
• Electronic Entry Number
• Description
• Responsible Staff
• Manufacturer
• Operating System
• Anti-Virus Software
CLINICAL ENGINEERING CONSOLIDATED PROGRAM
Virtual Local Network Information
• VLAN Number
• Common Name
• Location
• Network Start (Network Address)
• Network End (Broadcast Address)
• Subnet Mask
• Function
• System Manufacturer
• ACL Name
• VLAN Type
• Notes
• DHCP
• Reserved IP Addresses (Core, Network
Address, Broadcast Address)
23
Keep Your Devices Organized
• Have IP Addresses Listed in your CMMS and Networked Database
• Have an accurate list of servers
– Computer Names
– IP Addresses
– Location
• Severs/Computers/Devices
–
–
–
–
Manage your ACLs
Know what user accounts are available
Application Entity (AE) Titles for Radiology Devices
WiFi Information
CLINICAL ENGINEERING CONSOLIDATED PROGRAM
24
Passwords
Best Practices:
• Combination of letters, numbers and special characters
• Upper and Lower case letters
• Changed Frequently
• Should not be the vendor’s default password
• Should not be written down
• Should not be used for more than one account
Challenges:
• Vendors utilize default passwords
and instruct hospitals not to change
them.
• Medical Devices and Software often
do not have a feature to instruct
users to change their passwords
CLINICAL ENGINEERING CONSOLIDATED PROGRAM
25
Networked Device Incident Response
• HAVE A PLAN IN PLACE!
• Define a Responding Team
– eg: Clinical Engineering, Chief Information Officer, Information Security Officer
(ISO), and Vendor
– Have a command center/conference line ready
• Know Clinical Engineering’s Role:
– Identify the source of the incident (infection) and physically remove it from the
network.
– Scan the device for infection
– Work with the vendor to reimage the device
– Put the device back into use
– DOCUMENT the incident
– Report to proper channels (FDA) if appropriate
• Ransomware is a HIPPA breach
CLINICAL ENGINEERING CONSOLIDATED PROGRAM
26
Questions?
CLINICAL ENGINEERING CONSOLIDATED PROGRAM
27