Patient Centric Cyber Monitoring

Tracy Rausch, CCECEO and FounderDocBox Newton, MAtracy@docboxmed.com

Chip BlockVice PresidentEvolver, Inc.Reston, VAcblock@evolverinc.com

THREE TYPE OF DEVICESDevices with software on a general computing

platform (Spirometers, Sleep Study, Devices as Software)

Stationary devices on proprietary platform (MRI, CT,X-Ray)

Medical devices with embedded software (Infusion Pumps, Ventilators, Multiparameter Monitors)

TURNING THE IOT SECURITY QUESTIONUPSIDE DOWN

What machines are infected and what data is lost?

TRADITIONAL ENTERPRISE SECURITY QUESTION

MEDICAL DEVICE SECURITY QUESTION

What patients are affected?

WHY IS DEVICE SECURITY DIFFERENT?

Traditional Enterprise Cyber Security Highly dynamic functionality

Continuous software, information and communication changes

User/computer centric

Security systems are primarily network/perimeter focuses

Medical Device Cyber SecurityHighly Static Functionality

Legacy, seldom changing software code

Patient centric

Security paradigm still being developed

User/Machine (passwords)

Server Authentication

Data Access

Primary focus is on which user accessed which application to get which data Malware / Anti-virus focuses on finding

vulnerabilities that can used for widespread attack Major concern is on large scale

infiltration and exploitation The possible outcomes of the attack are

numerous based on the devices on the network and available data Reporting is on network device and user

The primary question is what machines are affected and what data is at risk?

ENTERPRISE CYBER SECURITY

Patient

Outcome

Devices Impacted

Primary focus is on which patients may be affected by the attack The outcomes are limited as the device

only does a limited number of functions Reporting is on which patients have been

impacted and recovery Patient safety and security are interlinked

The primary question is what is theimpact on the patients?

MEDICAL DEVICE SECURITY

MEDICAL DEVICE CYBER SECURITY APPROACH

Leverage the unique characteristics of medical devices for security Leverage static nature of device to gain greater security

Develop patient centric security operations approach

Support both existing device security and work with FDA and other standards group for increased security in new devices

Utilize Integrated Clinical Environment (ICE) Architecture

WHAT IS “ICE”?

1. ICE = Integrated Clinical Environment2. It is a vision that integration of medical and non-medical

devices, data, and HIT in patient care environments can enable improvements in healthcare quality and safety that have been elusive until now

3. ICE is a published standard – ASTM F2761-094. ICE capabilities are being developed by academic and

industry collaborators, seeded by substantial federal and private funding. See www.openice.info and mdpnp.org

5. ICE is a platform to enable the Medical Internet of Things6. The ICE Alliance seeks to promote all of the above to

deliver safe, secure, interoperable clinical environments

FUNCTIONAL ELEMENTS OF THE INTEGRATED CLINICAL ENVIRONMENTASTM standard F2761-2009Published January 2010

ICE SupervisorICE Supervisor

NetworkControllerNetwork

Controller

ICE Interface

DataLoggerData

LoggerExternalInterfaceExternalInterface

Medical Device

ICE Interface

Other Equipment

Integrated Clinical Environment (ICE)

Clinician

Patient

Data Warehouse

ICE Systems Apps Clinical Documentation App

CDS App 1 CDS App 3

CDS App 2

MD 1MD 2

MD 3MD n

ICE Manager

CDS App a

CDS App n

EMR ADT Other

EnterpriseICE Systems Apps

CDS App 2 CDS App n

Clinical DocumentationCDS App 1

ICE Coordinator

1 2 3

MEDICAL IOT ARCHITECTURE

Remote Monitoring

ICE Data Bus ICE Coordinator Data Bus

Single Patient DB and App

Multiple Patient DB

ICE System App

ICE Clinical App

Medical Device (MD)

Hospital IT systems

Interface

SCALABLE ARCHITECTURE

Apps

1…n patients1 patient per ICE

0….24 devices/sensors or therapeutic devices

ICECoordinator

Data Cluster (HADOOP)

1 Coordinator per 250 beds

EMR LAB

PharmacyADT

Hospital

ICE System NetworkAcross Hospital Network

ICE Domain

Hardware for ICE Manager Changes by Environment

Other

TECHNOLOGY

Repurposed Technology for HealthcareDDS (Standard Communication Protocol) Mature Standard

Used in Military, Internet of Things, Energy, Public Works.

Platform to Build Clinical Apps

Environmentally Agnostic (change hardware to match intended use and environment)

SECURITY AND SAFETY

Traditional Security Approaches for IT will not meet the unique needs of the clinical environment. Security is required for patient safety. Security can’t impact patient safety or functionality of

medical devices. Implementation of security must be evaluated for patient

safety risks.

…N

…N

33

22

ICE SECURITY ARCHITECTURE ICE Coordinator

Roll-based LoginFirewallAnti-Virus / Anti-MalwareCoordinator whitelists eachManager & External Systems

ICE Coordinator

Roll-based LoginFirewallAnti-Virus / Anti-MalwareCoordinator whitelists eachManager & External Systems

ICE Manager

Manager whitelists CoordinatorRoll-Based LoginAnti-Virus / Anti-MalwareDevice Authentication

ICE Manager

Manager whitelists CoordinatorRoll-Based LoginAnti-Virus / Anti-MalwareDevice Authentication

1

Coordinator Data Bus

ICE Data Bus

External Systems

Comm Interface (Driver)

Communication “Process Whitelist”

Comm Interface (Driver)

Communication “Process Whitelist”

Physical Security: Hospital Data Center

Data-Level Security (DDS)

Data-Level Transport Security (DDS)

Medical Device(Legacy)

Medical Device(Legacy)

Medical Device(ICE Compliant)“Process Whitelist”

Medical Device(ICE Compliant)“Process Whitelist”

App WhitelistProcess WhitelistUtilize Rolls of Manager

App WhitelistProcess WhitelistUtilize Rolls of Manager

Patient

SECURITY AND PRIVACY Defense in layers approach for ICE components and devices

Process Whitelisting of Devices and Apps

Unique Login and Password for Clinicians.

Separate Devices Physically from Hospital Network (but not data).

Virus and Malware, protection on Server and Coordinator, consider traditional medical devices similar to IoT sensors

Implement DDS Security encryption and security individual data points at levels required. (not a one size solution for all data values or data paths).

Blackbox recording of data at bedside similar to aviation.

Encrypt all communications with PHI, use ICE patient session ID on devices not PHI on roaming devices.

Note: The ICE Alliance is hosted by the IEEE-ISTO

The ICE Alliance is a non-profit program committed to establishing healthcare environments that are safe, secure, and interoperable

www.icealliance.org

WHAT WILL THE ICE ALLIANCE DELIVER?

Many Deliverables are already in progress through MD PnP Program + Collaborators Medical and Health IT equipment procurement language for use by

healthcare delivery organizations (MD FIRE http://mdpnp.org/mdfire.php ) Clinical Needs Assessment and Descriptions – by HDOs System Requirements Specifications – elaborated by MD PnP program Use Case and Clinical Scenario Library – maintained by MD PnP ICE reference implementations, including safety and security requirements,

and test tools – Started by MD PnP, see http://www.openice.info Feedback to Standards Development Organizations (SDOs) to help

standards conform to ICE requirements – currently performed by MD PnP Regulatory science analysis related to submission http://mdpnp.org/

MD_PnP_Program___MDISWG.html interoperable medical devices and systems (FDA Pre-submission bit.ly/mdiswg ) Elaboration of requirements for EMR inclusion of device data

MEMBERSHIP IN THE ICE ALLIANCE The IEEE-ISTO manages the IAMembership is free to individuals, non-profit organizations

and federal agencies For-profit organizational membership ranges from $1000 to

$10,000 annually Seed funding has been provided by HDOs, Manufacturers,

and medical societies. Contributions are welcome. Specific projects are funded separately from annual

membershipQuestions may be directed to jmgoldman@partners.org

NOTE – NOT ALL PENDING MEMBERS ARE SHOWN

ICE ALLIANCE FOUNDING MEMBERS*

Founding Members

Liaison Members

*As of 7/25/15Additional founding memberships in process

CONCLUSION Turn the security monitoring question upside down,

patient focused, not device focused, monitoring

Leverage unique features of devices to gain security

Utilized Integrated Clinical Environment architecture to gain security through separation of devices and network

THANK YOU