Cyber Security for Medical Devices and Hospital Networks
The increased use of technological devices in hospitals has raised many concerns about the security of their network systems. This is a problem not only for the health sector but also for the business world, where people have lost crucial information to unscrupulous individuals who take advantage of unprotected networks to deprive unaware people of their privacy. This is why hospitals have to put in place infrastructure that caters for the security of the patients as well as the entire hospital. The project aims at protecting hospital networks from attacks by hackers and unauthorized persons.
From July 1 to July 15: Design and Development
The project involves a number of parties who are expected to make adjustments in order to promote the security of the devices. Installation of software that will detect the user's identity is expected to take six days, because the operation of the system needs to be reevaluated while the new software is being installed. Downloading new files and documents from emails and the internet will require authorization from the program coordinator if the source is unrecognized. In order to use the devices, one will be required to sign in with an authorized user name and password. Only authorized personnel will access and operate the devices. This will enhance security and instill a sense of responsibility in the users.
This phase would require close coordination between the FDA and the manufacturers of the medical devices. The manufacturers would have to follow every detail laid out in the FDA's premarket guidance for management of cyber security in medical devices. This project would ensure that the guidance recommended by the Food and Drug Administration is strictly adhered to in the manufacture of any medical device. The manufacturers would be urged to predict and evaluate any potential risk that may arise from the use of a medical device. This would be done during the design and development of the devices, and the findings submitted to the FDA for mitigation purposes. The FDA's guidance is recommended because there is no device that would be without any threats to it. Federal agencies and the manufacturers of the devices, together with the FDA, must therefore ensure that the design and development stage is extensively explored and that vulnerabilities are identified and discussed.
From July 16 to August 1: Goals and Objectives for Manufacturers
The installation of firewalls in the organization will commence after the installation of the new and advanced software. The firewall helps to control network traffic in the sense that it prevents unauthorized external networks from connecting to the institution's network. In addition, it helps detect unauthorized users and prevents them from accessing the organization's network. The firewall may take approximately six days to be fully installed and working to the expected standards. Moreover, hospital employees need to be informed about the new structural development and the measures to take when using the infrastructure in order to enhance privacy. This goes hand in hand with the installation of mobile technology to enhance the voice mail answering and beeper service in hospital settings, which will facilitate communication between workers on the premises. This creates efficiency and effectiveness in service delivery by the stakeholders through timely consultation and feedback management.
The manufacturers of the medical devices would be expected to remain vigilant and identify as many risks and their hazards as possible. It is the responsibility of the manufacturers to identify and put in place the necessary mitigation measures to cater for the safety of the patients and to ensure that the devices operate at their maximum capacity. The manufacturer should always have a maintenance plan for all the medical devices. This would enable the end users to allocate different roles to various individuals in ensuring that the devices work well.
During this period, the manufacturers would have to adhere to all the requirements stated in the guidance document by the FDA. They are also responsible for supplying hospitals with network connection details regarding their medical devices. They should let the hospitals know the characteristics of the networks that the devices should be connected to and their exact configurations. The manufacturers should specify to the health care facility the technical specifications needed for connecting the devices to the networks. A worthy manufacturer should let the end users know what kind of information is expected to flow between its device, the hospital network, and any other device connected to the network. Lastly, the manufacturers would outline the hazardous situations which might require that the device be disconnected from the network for the safety and privacy of the patients.
The project will take around two weeks to try to establish some of the necessary security frameworks, which would enable healthcare facilities to create, access and store all the required information without the fear of data breaches. If possible, a mock cyber attack would be planned, and health facilities and organizations would be called upon to volunteer their participation. The attack can be run for about two days so that the organizations understand the best ways to be prepared to avoid cyber security breaches. From this mock attack, it is believed that hospitals would understand how to respond to cyber threats, improve coordination between the interested entities, and obtain scenarios that may be applied in future cyber attacks.
From August 1 to August 15: Goals and Objectives for Health Care Facilities
Monitoring of the usage of the company's data will be done through a procedural authorization setup administered on the hospital's network. With this in place, all users will follow a particular path authorized by the regulator. In case of any irregularities or suspicious dealings, the system will alert the regulator/administrator, who will intervene and disable the transaction. Here, hospitals are required to establish a control panel that will monitor all the activities. This process needs at least two weeks to be fully established. Constant evaluation and checking of the devices should be left to the manufacturers so that the devices can operate at the highest efficiency level.
The health facilities involved in this project would benefit a lot, in that they would understand not only the cyber security situation on their premises but also the ways to prevent some of the crimes related to cyber security. The facilities are expected to learn from the past scenarios and the mock attack in order to strengthen their cyber security departments. These hospitals would also gain the trust and confidence of many patients who value their privacy and would pay whatever amount of money just to receive their treatment from a facility that guarantees their privacy and security.
Project Outcomes and Deliverables
There are numerous advantages to having a protected network. One is that the company will reduce the number of attacks from outside and unauthorized networks that expose confidential information to unwarranted people who misuse it for selfish interests. Another is that the cost of operation is greatly reduced because there are fewer cases of fraudulent cyber attacks.
The project is expected to bring out results which would help hospitals improve their cyber security. All health facilities would know and understand what their roles are in establishing secure data networks within their facilities. Through this project, the coordination between various government agencies is expected to improve, and the manufacturers' adherence to the FDA's guidelines would register significant improvement after the project.
The project would help health facilities by enabling them to identify loopholes in the networks and medical devices within their hospitals. The hospitals may then decide to hire a professional to ensure they have safe networks and devices, or train some of their personnel for the job. In the long run, the project would have contributed to strengthening hospital networks and teaching hospitals and manufacturers what they should do to improve cyber security. The manufacturers would be reminded of their mandate to ensure that patients are safe by abiding by the guidelines set out by the guardians.
From August 16 to September 1: Implementation and Evaluation
The project is expected to cost the hospital a total of $200,000 for acquiring new software and training all the employees. Employee training will commence prior to the inception of the new system so that employees are familiar with the demands of the system. This is a positive move towards the implementation of safety measures and the operation of an initiative meant to change the way business is conducted by all the stakeholders. The implementation will be in three phases.
From 1 September to 12 September: The first phase involves the replacement of the old software with new software that is more advanced and keeps updating data from time to time. The process will take two to three weeks and will be implemented by technicians with help from the manufacturing company.
From 13 September to 20 September: The second phase involves the inception and establishment of a control panel by the hospital management. The panel consists of computer design experts trusted to undertake protective measures as well as monitor all the activities carried out by the organization's staff members. One week will be enough to complete these activities.
From 20 September to 1 October: The third phase incorporates the development of software to host the user identification procedures, which ask for a user ID, a password, and the department or job group category. This keeps intruders from accessing the system in the sense that they are unfamiliar with the working of the new system. This is the final stage in the implementation of changes and thus needs to be handled with a lot of care. It takes a maximum of one month to be fully functional, depending on the size of the institution.
All servers and computer equipment will be secured in a restricted area that only authorized individuals are allowed to access. Lost devices will be reported immediately to the concerned individuals, which means that healthcare facilities must establish procedures for making such reports. The project would allow for the establishment of procedures and policies for disabling inactive accounts, and for timeouts that are set automatically on all computers for when a user forgets to log out. All the technical safeguards from manufacturers would be reviewed, together with the incident reports, to minimize malware and cases of security breach.
The computer network would be assessed regularly to establish the need for upgrades and updates. All the mobile devices and computers used by hospitals would be encrypted in order to prevent the introduction of malware into the system. Access based on individuals' roles would be implemented so that employees are restricted to the programs that are needed for their job. The project would recommend regular auditing of all the desktops and laptops connected to the network to ensure that no unauthorized application, in the form of software, is connected to the network.
Evaluation of the project would include checking the networks for possible malware infection. Evaluation would also be done to establish whether passwords are distributed uncontrollably and whether passwords are disabled. The medical devices, just like other software, have updates, and the devices would be updated regularly.