The healthcare industry is beginning to adopt technology to better assist patients, gain easier access to medical information, and administer medication. In particular, certain practitioners are either considering or have started adopting wireless (a.k.a. mobile) medical devices, such as implantable medical devices, external medical devices, or portable computers such as iPads, tablets, and smartphones, for such purposes. However, this isn’t without risk, according to the Department of Homeland Security (DHS). It recently announced that the US Food and Drug Administration (FDA), responsible for regulating medical devices, cannot regulate mobile medical device use or users, including how users are linked to or configured within networks such as private/public/hybrid clouds (managed data centers) which house medical data.
For the benefit of organizations that are considering adoption of mobile medical devices, an article published May 23, 2012, outlined five risks suggested by the DHS that should be considered:
1) Insider Theft – Employees stealing data via network transfer (e.g., e-mail, remote access, or file transfer).
2) Malware – Examples are keystroke loggers, Trojans, and other spyware designed to uncover, capture, and transmit easily accessible sensitive data to malicious third parties once inside the network.
3) Spearphishing – An e-mail-based attack in which customized e-mails containing malicious attachments or links are sent to key personnel; these e-mails are especially convincing because they appear to be sent from a legitimate source.
5) Lost or stolen equipment – If a smartphone or tablet is lost or stolen, and then compromised, it can be an entry point into a health entity’s network and records.
To mitigate risks from adoption of wireless medical devices, healthcare providers should deploy security on these devices. Access control should be applied at the user level, based on the user’s role, so that irrespective of which device or location the user connects from, he/she is given access only to the data required for the applicable business purposes. Anti-malware and Web protection should be enabled for every Internet-connected mobile device, whether it is a medical device or a personal smartphone or iPad used to access the network and increase user productivity. Furthermore, in case a device is lost or stolen, it should be possible to remotely lock the device and/or wipe all its content, including logins and passwords, so that no one else can use the device to gain access to any sensitive data or exploit stored information. To learn about Juniper’s mobile device protection and management solutions, visit: Junos Pulse Mobile Security Suite