CyberSecurity in Wireless Medical Devices › resources › ...* Big Data analytics * Wireless is replacing wired connections * Mobility/safety * Data collection * Telemedicine * Remote

CyberSecurityinWirelessMedicalDevices

BillSaltzsteinCodeBlueConsulting

CyberSecurityMeetup:July202017

Agenda

CyberSecuritymeetup:07/20/17-Saltzstein

* WhoamI,andhowdidIgethere?* Short-rangewirelessconnectivity* CybersecurityIssues* Q&A

WhoamI?


*  EE,UniversityofRochester*  HPCalculators(HP-71B,HP-18/28)*  HPCardiology(PagewriterXLECG,CodeMasterDefibrillator)*  Instromedix(LifeSignsHomeHealth)*  MedtronicsPhysio-Control(Dir.Adv.Dev.)*  CodeBlueCommunications(Bluetoothmodules,consulting)*  connectBlue(SalesandMarketing)*  CodeBlueConsulting&CocoanutManor(BTLEproducts)*  CinqCellarswinery(gratuitousplug)

Consumer,TypeI,II,IIIdevices,510(k),PMA,PMAs

Taketheredpill,NeoThinkaboutthisfromamedicaldevice…


WhatisaMedicalDevice?

*  AMedicalDeviceis“…aninstrument,apparatus,implement,machine,contrivance,implant,invitroreagent.....”,thatis“...intendedforuseinthediagnosisofdiseaseorotherconditions,orinthecure,mitigation,treatment,orpreventionofdisease,inman...”or“...intendedtoaffectthestructureoranyfunctionofthebodyofman…”(fromtheUSFDA)


The new MDDS & Medical Device and wireless technologies

*  WLAN

*  802.11b/g/n: 2.4 GHz, DSSS/OFDM

*  802.11a/n: 5.2 GHz, OFDM

*  Bluetooth

*  Smart Ready: 2.0+EDR, low energy: 2.4 GHz, FHSS

*  NFC

*  13.56 MHz

*  A-GPS (rcv only)

*  L1: 1575.42 MHz

*  L2: 1227.6 MHz

*  Glonass (rcv only)

*  L1: 1602 MHz (fc)

*  L2: 1246 MHz (fc)

*  CDMA EV-DO Rev. A and Rev. B (800, 1700/2100, 1900, 2100 MHz)

*  UMTS/HSPA+/DC-HSDPA (850, 900, 1700/2100, 1900, 2100 MHz)

*  TD-SCDMA 1900 (F), 2000 (A)

*  GSM/EDGE (850, 900, 1800, 1900 MHz)

*  FDD-LTE (Bands 1, 2, 3, 4, 5, 7, 8, 13, 17, 18, 19, 20, 25, 26, 28, 29)

*  TD-LTE (Bands 38, 39, 40, 41)


The2.4GHzworld…


*  WiFiScanner– 802.11at2.4GHzand5GHz*  Lightblue–Bluetoothlowenergy


Demo

Examples


*  Hospitalequipment*  Defibrillator*  Bedsidepatientmonitor*  MRI*  Infusionpump*  …

*  Chronicdiseasemanagement*  Diabetes*  Pulmonary:COPD*  Heartdisease*  Pain

*  Rxdelivery*  Diagnosticsoutofhospital*  External/wearable*  Implanted*  HomeHealth*  Infusion*  Dialysis*  Sleepapnea

* Why?* Where?* How?

Allmedical(andhealth)devicesshallbeconnected


Allmedicaldevicesshallbeconnected–Why?

*  Connectivity*  ElectronicHealthRecord(EHR)*  Chargecapture(billing)*  BigDataanalytics

*  Wirelessisreplacingwiredconnections*  Mobility/safety*  Datacollection

*  Telemedicine*  Remoteconsultation&review(photo)*  HomeHealth*  AginginPlace

*  HealthandFitnessCyberSecuritymeetup:07/20/17-Saltzstein

Emergency!1972-1977

*  Classicanswers:*  Hospital*  EMS*  Home

*  Realanswers:*  Starbucks*  37,000feet*  StuckonI-5*  Inthebathroom*  Intheelevator

*  Realenvironmentsrequirecreativesolutionsforconnectivity


Allmedicaldevicesshallbeconnected– Where?

Examplesystem:ChronoTherapeutics

Wearable:Sensors,button,

Rxdelivery Usage,data

Settings,software

Patientinfo,data

Settings,software

AIcoaching

Usedata

EHR?

Real-timePersonalCoaching/Analytics

Billing


Short-range Long-range

Enterprise

Photosandinformationobtainedfromwww.chronothera.com

*  Tworealchoicesforshortrangedatatransfer1)  WiFi–IEEE802.112)  Bluetooth

a)  Bluetoothclassicb)  Bluetoothlowenergy

*  Everythingelse*  RFID/NFC–expectusageinUDIandassettracking*  ZigBee,Thread–IEEE802.15.4based–coexistencechallenge*  MICS(MedicalImplantCommunicationSystem)–supply,$$*  MBAN(MedicalBodyAreaNetwork)-??

Wanderingandwonderinginthewideworldofshort-rangewireless


WhataretheissuesforMedicalDevicesandnetworks?

*  MedicalDevicedata*  Patientinformation(personal,medical)*  “ProtectedHealthInformation”-PHI

*  Measurementsandwaveform*  Device&networkconfigurationandprovisioning*  Firmwareupgrade*  Securitycertificates*  Theattacksurfaceincreasesasconnectivityincreases


Whydowecare?

*  Patientlivesareatstake,bothdirectlyandindirectly!*  HIPAArequirements–medicalrecordportability&privacy*  Protectsyoufromunauthorizeduseofyourmedicalinformation*  Eg:employerdiscriminatingforamedicalcondition

*  FDArequirements*  OTSsoftwareguidance*  Premarketsubmissionguidance*  Postmarketmanagement

*  Companyreputationandvalueisatstake*  StJudeMedical/MuddyWaters


Howrealisthis?Hackingisevolvingandaccelerating!

*  Earlypublicdisclosure:“PacemakersandImplantableCardiacDefibrillators:SoftwareRadioAttacksandZero-PowerDefenses”-2008IEEESymposiumonSecurityandPrivacy*  2015-Hospirainfusionpumps:https://www.wired.com/2015/06/

hackers-can-send-fatal-doses-hospital-drug-pumps/*  Recently:“LosAngelesHospitalPaysHackers$17,000After

Attack”–February2016*  Veryrecently:“J&Jwarnsdiabeticpatients:Insulinpump

vulnerabletohacking”–October,2016*  Notmedical,butveryinteresting:SegwayBluetoothhack:

https://www.wired.com/story/segway-minipro-hackCyberSecuritymeetup:07/20/17-Saltzstein

*  MedicaldevicesareIoTdevicesgoingforward*  “HackedCameras,DVRsPoweredToday’sMassive

InternetOutage”,October16,2016*  The‘botnetofthings’?*  Ransomware,ex:WannaCry–May2017,morethan230,000computersinover150countries,lotsofhospitalcomputersincluded…

Ø Medicaldevicedesignersneedtodesignandimplementappropriatecybersecuritymeasures


IoM:theInternetofMedical

Whydoesthishappen?Developmentlifecycle&cybersecurity

Commontimelinetodate Futuredevelopment

Time

Features

ship

implementsecurity

Time

Features

ship

implementsecurity

Revise/refinesecurity


MakingsecuritypartoftheProductLifecycle

*  Requirements*  Specifications*  Hazardanalysis/Riskanalysisandmanagement*  Testing*  Releasecriteria*  Continuousmonitoring&improvement*  Monitoring*  Updatereleases


Riskstoconsider-examples

*  ModificationofinformationMisuseofinformation*  Denialofuse*  Openports*  Unused/unnecessaryprofiles/services*  Unauthorizedappsonsystem*  Debuggingcodeorentries*  OffTheShelf(OTS)softwarepatchdoesn'tgetapplied*  OTSsoftwareischangedwithoutbeingvalidated*  MalwareEndangerpatienthealthCompromiseidentityor

privacy


Potentialwireless-specifichazards

*  Eavesdropping*  Spoof/mimicdataconnections*  ManinTheMiddle(MTM)attacksduringpairing*  OverTheAir(OTA)upgrades*  Settingchanges*  Advertisingpromiscuously


Regulatoryguidanceandrequirements

*  TheFDArecentlyclarifiedguidanceforsoftwarerevisionsduetocybersecurity*  Noagencysubmissionsrequired

*  NISTCybersecurityFramework,Draftv1.1-1/17*  RecentUSGovernmentreport:“ReportonImprovingCybersecurityintheHealthCareIndustry”*  Seereferencesprovidedforspecificguidance


Myadvicetoclients

*  Don’tpanic,butthinklikeahacker*  Applyappropriatemeasuresrelativetotherisk*  Considerusability*  Considerpatientsafety–cannotcompromise!

*  Makecybersecuritypartofhazardanalysisandmitigationprocess*  Considerend-to-enddatapath*  Follow&readuponnews–thisisanevolvingissue*  Limitattacksurface*  Considerconnectivitychangesthatpresentnewandunintended

pointsofattackordisclosure


*  BillSaltzsteinCodeBlueConsultingbill@consultcodeblue.com425-442-5854

Q&A



Referencematerial

RecommendedFDAguidance

*  FDAlandingpageforDigitalHealth*  http://www.fda.gov/medicaldevices/digitalhealth/

*  GeneralWellness:PolicyforLowRiskDevices*  http://www.fda.gov/downloads/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/UCM429674.pdf

*  MobileMedicalApplications*  http://www.fda.gov/downloads/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/UCM263366.pdf

*  MedicalDeviceDataSystems,MedicalImageStorageDevices,andMedicalImageCommunicationsDevices*  http://www.fda.gov/downloads/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/UCM401996.pdf

*  RadioFrequencyWirelessTechnologyinMedicalDevices*  ohttp://www.fda.gov/downloads/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/ucm077272.pdf

*  GuidanceforIndustry,FDAReviewersandComplianceonOff-The-ShelfSoftwareUseinMedicalDevices*  http://www.fda.gov/downloads/MedicalDevices/.../ucm073779.pdf

*  SOFTWAREASAMEDICALDEVICE(SAMD):CLINICALEVALUATION(draft)*  http://www.fda.gov/ucm/groups/fdagov-public/@fdagov-meddev-gen/documents/document/ucm524904.pdf

*  Enforcementdiscretion*  http://www.fda.gov/MedicalDevices/DigitalHealth/MobileMedicalApplications/ucm368744.htm


SelectedCybersecurityReferences

*  GuidanceforIndustry-CybersecurityforNetworkedMedicalDevicesContainingOff-the-Shelf(OTS)Software*  http://www.fda.gov/downloads/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/

ucm077823.pdf*  ContentofPremarketSubmissionsforManagementofCybersecurityinMedicalDevices*  http://www.fda.gov/downloads/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/

UCM356190.pdf*  PostmarketManagementofCybersecurityinMedicalDevices*  http://www.fda.gov/downloads/medicaldevices/deviceregulationandguidance/guidancedocuments/ucm482022.pdf

*  ISO14971:2007Medicaldevices--Applicationofriskmanagementtomedicaldevices*  http://www.iso.org/iso/catalogue_detail?csnumber=38193

*  HHS:YourMobileDeviceandHealthInformationPrivacyandSecurity*  https://www.healthit.gov/providers-professionals/your-mobile-device-and-health-information-privacy-and-security

*  Archimedes–AnnArborResearchCenterforMedicalDeviceSecurity*  https://secure-medicine.org

*  BITAG:InternetofThings(IoT)SecurityandPrivacyRecommendations*  http://www.bitag.org/documents/BITAG_Report_-

_Internet_of_Things_(IoT)_Security_and_Privacy_Recommendations.pdf*  DiabetesTechnologySociety:https://www.diabetestechnology.org/dtsec.shtml


AAMI

*  TIR57:Principlesformedicaldevicesecurity—Riskmanagement*  https://standards.aami.org/kws/public/projects/project/

details?project_id=876*  TIR59:RiskAssessmentofradio-frequencywireless

coexistenceformedicaldevicesandsystems*  https://standards.aami.org/kws/public/projects/project/

details?project_id=1114*  AMSIC63.27*  AAMITIR69aswellforcoexistence


*  NIST:CybersecurityPracticeGuide,SpecialPublication1800-1:"SecuringElectronicHealthRecordsonMobileDevices”*  https://nccoe.nist.gov/projects/use_cases/health_it/

ehr_on_mobile_devices*  NIST:GuidetoBluetoothSecurity*  http://nvlpubs.nist.gov/nistpubs/Legacy/SP/

nistspecialpublication800-121r1.pdf*  CybersecurityFrameworkv1.1–1/17*  https://www.nist.gov/cyberframework/draft-version-11

*  Infusionpumpdraft*  https://nccoe.nist.gov/sites/default/files/library/sp1800/hit-

infusion-pump-nist-sp1800-8-draft.pdf


NIST

*  Transcoding(andother)Whitepapers:https://www.bluetooth.com/develop-with-bluetooth/white-papers


BluetoothSIG