How to Improve Medical Device Security

Expert: Healthcare Providers Must be More Proactive

March 20, 2013

How can healthcare providers help to ensure better medical device security? They need to put more pressure on device vendors at the time of procurement, says security researcher Kevin Fu.

"Hospitals should be putting stronger terms into their procurement processes so that they have a quantifiable assurance about the cybersecurity of the medical devices they're buying," says Fu, director of the security and privacy lab at the University of Michigan, in an interview with HealthcareInfoSecurity.

Vendors need to be more upfront about the maintenance costs of their medical devices, and they could offer optional security maintenance plans as part of the bigger-picture plan for mitigating security risks such as malware, Fu says. "It's way beyond the time to pretend there is no cost. One way moving forward to mitigate these risks is to do security economics."

In the procurement process, hospitals and other healthcare organizations can push to have "much more honest discussions about the cost and unintended consequences of using hardware and software susceptible to security risks," he says.

In the interview, Fu also discusses:

  • Why the biggest medical device security risks will involve web-enabled mobile devices and automated devices that require no human intervention for use;
  • Why healthcare entities need to allocate resources and encourage staff to do more reporting of security incidents involving medical devices;
  • The emergence of mobile health applications that consumers can download via the web, and the conflict between development teams in the medical device industry and those in other software industry sectors.

Medical device security "is not a problem of one hospital; it is a problem of the whole community," he says.

Before joining the University of Michigan in January as associate professor of electrical engineering and computer science, Fu served as an associate professor of computer science and adjunct associate professor of electrical and computer engineering at the University of Massachusetts-Amherst. Fu also has served as a visiting scientist at the Food & Drug Administration, the Beth Israel Deaconess Medical Center, Microsoft Research, and MIT CSAIL. He is a current member of the NIST Information Security and Privacy Advisory Board. Fu was also a recipient of a Sloan Research Fellowship and the National Science Foundation Career Award, and he was named MIT Technology Review TR35 Innovator of the Year. Fu earned his Ph.D. in electrical engineering and computer science at MIT for research on secure storage and web authentication.

Follow Marianne Kolbasuk McGee on Twitter: @HealthInfoSec
