Access your Pro+ Content below.
Medical device security: Does IEC 80001 go far enough?
This article is part of the October 2011 issue of Information Security magazine
Up until now, the information security risks involved with medical applications had to do with privacy breaches of patient or billing information. There was the potential of an incorrectly entered data element or an element that was not sent correctly through a medical interface. HIPAA was enacted to ensure privacy and security risks were identified and managed, although some question its effectiveness. Today, the emergence of medical devices directly on a network introduces a new type of risk that hasn’t been seen before in health care information technology. As electronic medical records systems have been quickly adopted -- spurred by the American Recovery and Reinvestment Act of 2008 -- organizations developed a need to have certain patient data entered directly into the electronic medical record. The overwhelming task of entering all of the data was falling on clinicians, which could introduce human error into the process. As a result, medical equipment has started to sprout network jacks and wireless radios. Using the ...
Features in this issue
Hear from the winners of this year's Information Security magazine Security 7 Award.
Traditional antivirus tools have matured into multi-featured antimalware suites. Here’s what you should know when shopping for endpoint protection.
The breaches of certificate authorities fuel renewed debate for Internet security alternatives.
Columns in this issue
This year’s Security 7 Award winners represent a bright spot in an industry beset by bad news.
An InfoSec Leaders survey examines the impact of different certs on the security profession.
Networked medical devices introduce new risks but does a new standard go far enough in addressing the problem?