Blog

Wireless Medical Devices Security Issues

Wireless Medical Devices Security Issues By Wur Aeek Student ALEX LAZO, PhD Faculty Mentor and Chair TIFFANY YATES, PhD, Committee Member PAUL GROSSKLAS, M.A, Committee Member   Rhonda Capron, EdD, Dean School of Business and Technology A Dissertation Presented in Partial Fulfillment Of the Requirements for the Degree Doctor of Information Technology   Month Year [of final school approval]   © [Wur Aeek 2017]

Table of Contents

List of Figures

Figure 1. 802.11, Wireless Security & Data Privacy …… (Coleman & Jackman, 2010, P.13). X

Thank you for reading this post, don't forget to subscribe!

Figure 2. Wireless Security Standards and Certifications(Coleman & Jackman, 2010, P.17) xx

CHAPTER 1.

INTRODUCTION

The study will explore the security risks associated with the used of wireless medical
devices in the medical practice environment. The main security issue with wireless medical involves the medium used to transfer data between devices. Unlike wired devices, wireless devices use the airwaves as their channel of communication, and there is no way of knowing if someone has unauthorized access to or intercepts the communication on the open airwaves. The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) indicates that 116 data breaches of 500 records or more were the direct result of the loss or theft of a
mobile device, exposing more than 1.9 million patients’ public health information (PHI) (PC Business Product, 2011)

Background

Wireless medical devices technologies have improved the healthcare experience by making it easier for doctors and nurses to monitor and access their patients’ medical information anywhere. They also give the patient mobility both in the hospital and at home. At the same time, these technologies have security disadvantages, particularly vulnerabilities to hacking. “With the security of sensitive information, a growing concern in healthcare organizations, those
responsible often face a bewildering array of urgent technical concerns and competing priorities”
(Chaudhary& Ward, 2014).

Business Technical Problem

Unauthorized access to the patients’ medical information is a major concern for security professionals in hospitals and health facilities in the United States. One major site of risk management in these hospitals and health facilities is the use of wireless medical devices. Along with their potential to expose confidential patient information, these devices are also often processing information (Bastani & Tang, n.d). Some examples of these devices include implanted devices, tablets, and laptops. These devices are capable of sending and receiving patients’ information wirelessly. These wireless transmissions are difficult to manage, and they
present threats to the confidentiality of the patient’s personally identifiable information (PII). Flaws in these devices also make them an easy target for hackers. These threats affect patient’s hospitals’ reputations as well as patient privacy. Hospitals are also required to comply with the Health Insurance Portability and Accountability Act of1996 (HIPAA). “The regulation requires appropriate safeguards to protect the privacy of personal health information and sets limits and
conditions on the uses and disclosures that may be made of such information without patient authorization”(Alder,2015,p.7). The reason for conducting this qualitative study on wireless medical devices security issues is that there is not enough research has done on the topic.

Research Purpose

he purpose of this study is to explore the impact of wireless medical devices in terms of cybersecurity and privacy. The privacy of personal information identifier (PII) has become an ever more important issue as hackers launch more attempts to intercept information Organizations that handle information and store users’ data must therefore think carefully about the methods used to secure it. The security challenges that hospitals face in securing patients’ data are significant, especially when the data is in transit or at rest on wireless devices. A hacking attack on a hospital also often has negative effects on hospital business.

Research Questions

The study will examine and explore the following questions.
A-What vulnerabilities exist on the wireless medical devices?
B -What are the best practices in place to protect patients’ records?
C- What regulations exist to enforce security controls in hospitals’ network systems?
D- What are some barriers to the implementation of security best practices?

Rationale

This study will focus on security risks to the privacy of patients’ medical information
from wireless medical devices. The security risk associated with the use of the wireless medical devices in the medical field today is real. When the patient visits the hospital the hospital collected amount of personal information that included day birth, social security, address, and employment information. These medical records are storage on hospitals network system for treatment purposes; these patient’s records can compromise by an unauthorized entity. According to Chaudhary& Ward study indicated that “Any security weakness on the part of one of these associates directly affects everyone involved in providing care to the patient” (Chaudhary&Ward, 2014).

Theoretical Framework

Previous studies indicated that wireless medical devices were a security concern. These studies included a warning from the United States Department of Homeland Security. In 2015, the Department of Homeland Security conducted an investigation on two separate incidents that they believed indicated that there were potential security vulnerabilities on medical devices.
(Tanev, Tzolov, & Apiafi, 2015). Although some of these devices are software based and connected to the network and some are no network software based, their security risks were the same.(Tzolov, & Apiafi, 2015). “Privacy risks of telehealth involve a lack of controls or limits on the collection, use, and disclosure of sensitive personal information” medical and consumer devices typically used by patients for telehealth applications can themselves pose serious risks,”
(Hall & McGraw, 2014)

Significance

The study of security risks in wireless medical devices is more significant than ever
before. As the use of these devices increases, so do hacking attacks launched to intercept patients’ personally identifiable information (PII). Wireless devices, including wearable devices that can submit information about patients’ health records, could cause considerable problems if their information is misdirected to unauthorized persons. Some of this information is protected by Health Insurance Portability and Accountability Act of 1996 (HIPAA). According to Krishun (2015),“Security vulnerabilities are widespread and severe in wireless-connected medical devices.”Existing regulations do not mandate any particular technical controls for wireless medical devices, which make it difficult to know which control each device should have in place to comply with HIPPA.

Definition of Terms

The following terms will be used in this dissertation:
Risk. Risk is the likelihood that something bad will happen to an asset (Kim & Solomon, 2010). Threat. Threat is an action that could damage an asset (Kim & Solomon, 2010). Vulnerability. Vulnerability refers to a weakness that allows a threat to have an effect on an asset (Kim & Solomon, 2010). Attack. An attack is an attempt to exploit vulnerabilities of computer or network components
(Kim & Solomon, 2010)

Assumptions and Limitations

Assumptions
The assumptions of this study are to address patients’ privacy and security risk that
wireless medical present. “The nature of this qualitative study was (1) to address the
confidentiality and security concerns Unaddressed in the HIE initiative and (2) to develop a best practice that will enable the HIM Professional to manage the access and release of health information within the HIE environment.” (Richardson, 2015).
Limitations
One limitation of this study is that the researcher may not have physical access to actual wireless medical devices to examine each device for security weaknesses. Also, the security concept is still new to many people, and may not be widely used because the cost of deploying security controls in the business’s environment is expensive. According to the study by Chaudhary& Ward “As a result of this tendency, many health care organizations devote their limited information security resources mainly to meeting compliance requirements while ignoring the bigger picture and failing to address information security on a holistic or enterprisewide basis.” (Chaudhary& Ward, 2014)

Organization for Remainder of Study

The remainder of study will consist of the following chapters: Chapter 2, literature
review; Chapter 3, methodology and design; Chapter 4, results; and Chapter 5, discussion, implications, and recommendations.

REFERENCES

Alder, S., Kelleher, A. (2015) HIPAA compliance guide. HIPAAJournal. Retrieved from
http://www.hipaajournal.com/wp-content/uploads/2015/05/HIPAAJournal-com-HIPAACompliance-Guide.pdf.
Bastani, F., Tang, T. (n.d) Improving security of wireless communication in medical devices.
Retrieved from https://groups.csail.mit.edu/mac/classes/6.805/student-papers/fall14-
papers/Wireless_Medical_Devices.pdf.
Chaudhary, R., & Ward, J. J. (2014). A practical approach to health care information security.
Managed Care Outlook, 27(9), 1-9. Retrieved from
http://search.proquest.com.library.capella.edu/docview/1525825131?accountid=27965.
Coleman, D.D., Westcott, D.A., Harkins, B.E & Jackman, S.M. (2010). Certified wireless
security professional official study guide
. Indianapolis, IN: Wiley Publishing, Inc.,
Hall, J. L., & McGraw, D. (2014). For telehealth to succeed, privacy and security risks must be
identified and addressed. Health Affairs, 33(2), 216-21. Retrieved from
http://search.proquest.com.library.capella.edu/docview/1498231612?accountid=2796
Krishnun, S. (2015) Security risks of medical devices in wireless environments, Australian
eHealth informatics and security conference. Retrieved from
http://ro.ecu.edu.au/cgi/viewcontent.cgi?article=1024&context=aeis
Kim, D. Solomon, M, G. (2010) Fundamentals of information systems security.Jones&Bartlett,
Burlington, MA.
Mobile devices pose security risks for patients. (2011), PC Business Products, 23(8)
Retrieved from
http://search.proquest.com.library.capella.edu/docview/879785791?accountid=27965
Oliver, Paul. (2010) Student’s guide to research ethics (2). Maidenhead, GB: Open University
Press.
Richardson, S. H. (2015). Managing the access and release of health information as health
information exchange initiatives evolve: A qualitative study
(Doctoral dissertation).
Available from ProQuest Dissertations & Theses database. (1737852544). Retrieved
from
http://search.proquest.com.library.capella.edu/docview/1737852544?accountid=27965
Tanev, G., Tzolov, P., & Apiafi, R. (2015). A value blueprint approach to cybersecurity in
networked medical devices. Technology Innovation Management Review, 5(6), 17-25.
Retrieved from
http://search.proquest.com.library.capella.edu/docview/1697867523?accountid=27965