Access your Pro+ Content below.
Medical device security: Does IEC 80001 go far enough?
This article is part of the Information Security magazine issue of October 2011
Up until now, the information security risks involved with medical applications had to do with privacy breaches of patient or billing information. There was the potential of an incorrectly entered data element or an element that was not sent correctly through a medical interface. HIPAA was enacted to ensure privacy and security risks were identified and managed, although some question its effectiveness. Today, the emergence of medical devices directly on a network introduces a new type of risk that hasn’t been seen before in health care information technology. As electronic medical records systems have been quickly adopted -- spurred by the American Recovery and Reinvestment Act of 2008 -- organizations developed a need to have certain patient data entered directly into the electronic medical record. The overwhelming task of entering all of the data was falling on clinicians, which could introduce human error into the process. As a result, medical equipment has started to sprout network jacks and wireless radios. Using the ...
Access this PRO+ Content for Free!
Features in this issue
Traditional antivirus tools have matured into multi-featured antimalware suites. Here’s what you should know when shopping for endpoint protection.
The breaches of certificate authorities fuel renewed debate for Internet security alternatives.
Columns in this issue
This year’s Security 7 Award winners represent a bright spot in an industry beset by bad news.
An InfoSec Leaders survey examines the impact of different certs on the security profession.
Networked medical devices introduce new risks but does a new standard go far enough in addressing the problem?