Connectivity and Hackability

It is somewhat ironic that Hospira and Cerner announced a new collaboration on Hospira’s infusion pumps and Cerner’s EHR given that Hospira has recently had more than its share of attention with respect to asserted LifeCare and Symbiq pump cybersecurity vulnerabilities. This attention included a notice from the Department of Homeland Security as well as from the FDA (here and here). I found it of interest that despite the widespread hype around these notices there has been no recall of these pumps for the related issues. Instead advice was given to transition away from their use, mitigate the risks by some technical changes, and await Hospira’s updates.

Some Funky Cybersecurity Math

Assessing the magnitude and significance of cyber threats has at least two important purposes. One is to determine the extent of measures that have been or should be taken to respond to or counter the threat. This is part of the rational deployment of resources across the multiple risks that we face, whether cyber or otherwise. In this regard it is simply not possible or necessary to respond to all risks with equal vigor. A second purpose can be to communicate threat significance to or among interested parties. For such communication there is a tendency to reduce complex, multifaceted issues to a simple broad summary word, e.g., the threat level is “Guarded”. Such simplicity is possibly attractive but not necessarily meaningful with regard to what to do with the information communicated.

Interview with Sailesh Chutani, CEO, Mobisante

My first exposure to Mobisante and their disruptive diagnostic ultrasound system was the mHealth Summit in November of 2010. At that time, the consumerization of medical devices had been gaining traction, mostly in the physician office market. Consumerization offers medical device manufacturers advantages in lower design costs, shorter time-to-market, lower product costs, increased usability and lower training costs.

I recently got Sailesh Chutani, co-founder and CEO of Mobisante, on the phone and we discussed their product strategy — a software-based diagnostic ultrasound that runs on a variety of consumer electronics platforms.

Your product is clearly a diagnostic ultrasound medical device, but one can’t help but notice the rather unique design and choice of components. What were the factors driving the eventual design and appearance of your diagnostic ultrasound?

The FDA October Workshop on Cybersecurity

If it were possible to be unaware of the general problem of cybersecurity, the recent Sony hack with its public disclosures of “private” e-conversations and then terroristic blackmail, following the earlier release of celebrity cloud photos, ought to have provided notice that what is electronically stored is likely to be available to those determined to have it. Moreover, we know that cybersecurity can in principle also impact the function and availability of connected systems (Sony again) and/or the information they contain. We also need to be concerned about the malicious alteration of information or disruption of device performance. You may remember the hacked insulin pump story which is already a few years old, and the story that the wireless function of Vice President Cheney’s pacemaker was disabled to protect against hacking.

In this broad context it may be worth taking a look at the FDA’s now posted contents of the October 21-22, 2014 FDA workshop on “Collaborative Approaches for Medical Device and Healthcare Cybersecurity”. There is also a link there to the October 29 FDA Webinar on the Final Guidance on Premarket Submissions for Management of Cybersecurity in Medical Devices. (If that link doesn’t work, as it didn’t for me, try here.) I had not been aware that October was National Cybersecurity Awareness Month under the auspices of the Department of Homeland Security (DHS).

DHHS OIG Work Plan Targets Networked Devices

The Office of the Inspector General (OIG) of the U.S. Department of Health and Human Services has released a report (pdf) outlining its 2015 work plan. Among a host of subjects is “Information Technology Security, Protected Health Information, and Data Accuracy” with the subsection “Controls over networked medical devices at hospitals”. The focus here is on the security of patient electronic health information which is to be protected under law. Other risks associated with device networking are not addressed.

Challenges Using Patient Generated Data for Patient Care

When I do presentations on the use of standards, I invariably have a slide which defines interoperability as “the ability of a system or a product to work with other systems or products without special effort on the part of the customer.” My second slide then defines syntactic and semantic interoperability.

Syntactic interoperability occurs when there are two or more systems capable of communicating and exchanging data, and this is usually attainable with the use of physical standards, data standards, and messaging structures. Semantic interoperability is defined as the ability to automatically interpret the information exchanged meaningfully and accurately in order to produce useful results as defined by the end users of both systems.
