Improving Preparedness for Security Risks of Critical Medical Devices
The Department of Homeland Security and FDA recently disclosed that Urgent/11, a group of network protocol bugs, exists in a multitude of medical devices that use embedded operating systems with networking capabilities.
Oftentimes, software deployed on medical devices is a diverse collection of open source code, licensed code, and stacks and libraries acquired from multiple sources – many of which are decades old. The inherent network security within this software does not improve with time and typically fails to address modern vulnerabilities. Leaving medical devices susceptible to severe bugs, hackers, and other security issues puts patients and healthcare organizations at risk.
It is typical for hospitals to own a large volume of old and new networked devices, running a plethora of different operating systems, with vulnerabilities not fully comprehended by manufacturers and clinical engineers. With this diversity in software, a standardized security patch that will correct issues across all networked devices simply doesn't exist. This inevitably forces manufacturers to release patches individually for each make and model in their catalog. Moreover, it is virtually impossible to apply these patches over the air; they must be manually deployed on each device individually. This process of finding and gathering each device is highly inefficient and laborious, especially in hospitals with a large fleet of equipment.
Manufacturers publish vulnerability-detecting code that can be deployed on the network to identify affected devices. Once the devices at risk are known, a manual hunt begins for each piece of equipment. This is often incredibly time-consuming without an RTLS solution in place that provides physical location visibility. As security patches are released, it is essential that they are applied to the entire fleet, which again triggers a manual hunt and a waste of productive man-hours.
How Location Services and RTLS Technology Can Help:
Location services can cut down on the time it takes to locate the devices, so clinical engineers can address security risks as rapidly and efficiently as possible. Additionally, RTLS can improve asset utilization and help hospitals optimize their fleet of equipment, avoiding over-procurement and unnecessary rentals. Managing a smaller, more optimal fleet inherently reduces risks and costs. This improves maintenance programs and helps clinical engineering teams focus on future uncovered vulnerabilities – ensuring patient safety and improving care.