Healthcare Information Security

FDA issues encryption, authentication rules for medical devices

By Jennifer Bresnick

The Food and Drug Administration (FDA) has issued new guidance on the radio frequencies of wireless medical devices, including recommendations for authentication and encryption measures to ensure the security of the device and the safety of the patient. Properly encrypted wireless devices will not only prevent hacking and misuse of the device itself, but also reduce the likelihood of unauthorized access to the wireless network.

While the recommendations are mostly directed at device manufacturers, the rules have significant implications for security professionals as well.  “Increasingly, the healthcare enterprise and associated devices are becoming wireless enabled and integrated. So, this type of guidance is very important,” says Dale Nordenberg, MD, executive director of the Medical Device Innovation, Safety and Security Consortium.  “Authentication and encryption will help protect against hacking to prevent the possibility of access to the device and associated networks by unauthorized personnel to protect both patient safety and patient privacy.  In certain cases, taking control of a device could result in broader access to the enterprise’s IT devices and assets.”

Specific areas of concern for security managers include the capability of technologies to automatically sense and connect to an unsecured wireless network, and the transmission of sensitive patient health data over such a network. Potential risks also include a malicious attack on the patient, with an unauthorized hacker delivering a fatal overdose of medication or causing a device malfunction through the network, the possibility of which was recently illustrated by ethical hacker Barnaby Jack.

The FDA encourages the use of state-of-the-art encryption and authentication methods, although the Agency did not recommend specific protocols, since security technology is changing at a rapid pace.  The guidance follows an additional FDA report on the need for interoperability standards for medical devices to enhance the “plug-and-play” capabilities of products.
