va va medical device protection program medical device
play

VA VA Medical Device Protection Program Medical Device Protection - PowerPoint PPT Presentation

Oct 25, 2022 •44 likes •254 views

VA VA Medical Device Protection Program Medical Device Protection Program presented to presented to Information Security and Privacy Information Security and Privacy Advisory Board Advisory Board March 4, 2011 March 4, 2011 March 4, 2011

  1. VA VA Medical Device Protection Program Medical Device Protection Program presented to presented to Information Security and Privacy Information Security and Privacy Advisory Board Advisory Board March 4, 2011 March 4, 2011 March 4, 2011

  2. Table of Contents Table of Contents  Introduction  MDPP Timeline and Evolution  What’s Next  Conclusion March 4, 2011 2

  3. 3 Photo Source: Idaho Department of Commerce Achieving security takes Achieving security takes … teamwork… teamwork March 4, 2011

  4. Data protection and patient safety Data protection and patient safety are critical VA priorities are critical VA priorities “Any Personally Identifiable Information (PII) and electronic Patient Health Information (ePHI) that is collected, stored, or transmitted across medical device systems should be protected with the best possible security tools for the deployed systems.” – Health Information Portability and Photo Source: Depa rtment of Health and Human Services Accountability Act (HIPAA) VA must secure medical devices in order to maintain data integrity and prevent invalid results that may negatively impact patient safety! March 4, 2011 4

  5. Threats to VA Medical Devices Threats to VA Medical Devices  Medical devices can restrict the application of operating system patches and malware protection updates. This can potentially cause: • An increased vulnerability to malware attacks and potential to serve as an entry point for attacks into the trusted network • A risk to patient safety and protection of patient sensitive information A medical device is defined as any component(s) [hardware, software] that is/are: • FDA 510K certified; • Any device that is used in patient healthcare for diagnosis, treatment or monitoring; • Any ancillary support device including but not limited to external disk storage, database servers, gateway or middleware interface devices - that are required for the medical device to function properly Networked medical device : Any medical device that is connected to the VA network. Networked medical system: Any group of devices that make up a complete medical system. These are multiple devices that are required for the medical system to function as intended by the manufacturer/vendor. Photo Source: Department of Veterans Affairs March 4, 2011 5

  6. Threats to VA Medical Threats to VA Medical Devices… …(con (con’ ’t) t) Devices  The VA-NSOC is tracking reported incidents on networked devices. USB Device Incidents and Infections Medical Device Infections Mar 2010 – Feb 2011 * Mar 2010 – Feb 2011 (Source: VA-NSOC Weekly Threat Briefs) * 30% of unauthorized USB incidents result in malware infection March 4, 2011 6

  7. Table of Contents Table of Contents  Introduction  MDPP Timeline and Evolution  What’s Next  Conclusion March 4, 2011 7

  8. Medical Device Protection Medical Device Protection Program Program  To better safeguard medical devices, VA developed a comprehensive security initiative that encompasses: • Communication • Training • Validation • Scanning • Remediation • Patching • Medical device isolation architecture (MDIA) March 4, 2011 8

  9. MDPP has evolved over time… … MDPP has evolved over time  MDPP has grown and changed over time to meet the challenge of evolving threats to VA medical devices  The program will continue to grow and change to create a service oriented architecture that meets the needs of the organization and addresses the risks of medical devices March 4, 2011 9

  10. MDIA has been implemented VA- - MDIA has been implemented VA wide wide  As of September 30 th , 2010, more than 50,000 medical devices have been isolated behind nearly 3,200 virtual local area networks (VLANs)  It took approximately 7 months to isolate the medical devices behind VLANs to meet MDIA guidance MDPP is now in an operation and maintenance MDPP is now in an operation and maintenance (O&M) phase… … (O&M) phase 10 March 4, 2011

  11. MDPP is currently focused on the MDPP is currently focused on the validation phase of the O&M process… … validation phase of the O&M process Validation • The Office of Information and Technology (OI&T) is reviewing all ACLs that have been put in place • The Office of IT Oversight & Compliance (ITOC) and Office of Inspector General (OIG) will begin validation assessments of the program in FY11 Q2, ensuring that fimsinfo.doe.gov the VLANs are in place and maintained • ITOC and OI&T compliance and oversight audits occur independently of one another March 4, 2011 11 Photo fimsinfo.doe.gov

  12. MDPP Progress: Where are we MDPP Progress: Where are we now, and where are we going? now, and where are we going?  Over the time period of ACL implementations the infection rate has trended down Medical Device Infections Trending Mar 2010 – Feb 2011 Source: VA-NSOC Weekly Threat Briefs March 4, 2011 12

  13. Table of Contents Table of Contents  Introduction  MDPP Timeline and Evolution  What’s Next  Conclusion  Appendix March 4, 2011 13

  14. VA is moving forward with VA is moving forward with numerous MDPP activities numerous MDPP activities  Building solutions through collaboration to reduce risk and promote innovation in the U.S biomedical device network • Participating in the launch and development of the Medical Device and Electronic Health Record Innovation, Safety and Security Consortium (MDEISS)  Continuing training initiatives • MDPP Incident Response training scheduled March 2011 • Presenting MDPP at all ISO & CIO regional meetings and orientations 14 March 4, 2011

  15. MDPP activities… …(con (con’ ’t) t) MDPP activities  Employing OIG and ITOC assessments to maintain the integrity of the MDIA implementation • ITOC Validation begins 2 nd Qtr FY11  Publishing Medical Device Sanitization Guidance developed jointly with OI&T and VHA HTM • Scheduled for release 2 nd Qtr FY11  Working with FDA on medical device security* • Looking to IT staff, biomedical engineers, and medical device manufacturers to resolve problems • Helping to develop technical solutions and providing oversight to ensure medical device manufacturers are doing their fair share • Relying on user facilities to keep FDA informed of medical device malfunctions * FDA has stated no legal restriction on patching of medical devices or anti-virus updates except that 15 March 4, 2011 they must be tested by the vendor prior to VA implementation

  16. MDPP activities… …(con (con’ ’t) t) MDPP activities  VHA Biomedical Engineer is leading a pilot test of a vendor patching solution. • This solution is limited by Vendor and Device  Developing a strategy for the deployment of firewalls to medical device VLANs for tighter security boundary and audit capabilities (MDIA) 16 March 4, 2011

  17. Firewalls allow medical devices to Firewalls allow medical devices to communicate while maintaining best security communicate while maintaining best security and networking practices and networking practices zyxwvutsrponmlkihgfedcbaWVUTSPONIHGFDCBA Firewalls provide Inbound firewall Using firewalls to protect packet inspection, rule sets are medical device systems audit capability applied to each is required! and are hardened VLAN interface against attacks coming into the directed at them firewall  Ensures that only allowed traffic from inside the VA network flows through the firewalls  Reduces the risk that medical device systems will be compromised VA MDIA (Guidance established in 2004 and updated in 2009) March 4, 2011 17

  18. Table of Contents Table of Contents  Introduction  MDPP Timeline and Evolution  What’s Next  Conclusion March 4, 2011 18

  19. MDPP is only as good as the sum MDPP is only as good as the sum of its parts of its parts …Success depends on Success depends on teamwork teamwork, , communication communication, , … and compliance compliance with established protocols with established protocols and 19 March 4, 2011

  20. Wrap Up: MDPP Best Practices Wrap Up: MDPP Best Practices Hard outer shell… …. . Hard outer shell Soft in the middle… ….. .. Soft in the middle  Pre-procurement assessments must be complete  No Internet access  Always scan media  No changes to ACLs without Change Control Board (CCB) approvals  Use the Patch Repository Author Geoff Lane/Wikimedia Commons  Update DAT files often These are best practices for good computing and These are best practices for good computing and can be applied beyond medical device security! can be applied beyond medical device security! March 4, 2011 20

  21. Questions? Questions? MDPP guidance documents can be found on the MDPP guidance documents can be found on the HISD portal: HISD portal: https://vaww.infoprotection.va.gov/fieldsecurity/HISD.aspx .gov/fieldsecurity/HISD.aspx https://vaww.infoprotection.va Field Security Services Field Security Services Health Information Security Division Health Information Security Division vafsohisd@va.gov vafsohisd@va.gov 21 March 4, 2011

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

MEDICAL DEVICE REW a clinicians perspective INTERNATIONAL MEDICAL DEVICE REGULATORY FORUM

MEDICAL DEVICE REW a clinicians perspective INTERNATIONAL MEDICAL DEVICE REGULATORY FORUM

MEDICAL DEVICE REW a clinicians perspective INTERNATIONAL MEDICAL DEVICE REGULATORY FORUM (IMDRF) 2017 Harindra Wijeysundera MD PhD FRCPC Vice President Medical Devices & Clinical Interventions, CADTH Associate Professor, Department of

750 views • 37 slides
International Medical Device Regulators Forum (IMDRF) and Medical Device Single Audit Program

International Medical Device Regulators Forum (IMDRF) and Medical Device Single Audit Program

International Medical Device Regulators Forum (IMDRF) and Medical Device Single Audit Program (MDSAP) Working Group Kimberly A. Trautman Associate Director, International Affairs Office of the Center Director Center for Devices and

652 views • 8 slides
Current Regulatory Landscape for Medical Device 3D-Printing Elizabeth McGrath Director, Medical

Current Regulatory Landscape for Medical Device 3D-Printing Elizabeth McGrath Director, Medical

Current Regulatory Landscape for Medical Device 3D-Printing Elizabeth McGrath Director, Medical Device Reforms and Emerging Technology Therapeutic Goods Administration Department of Health 30 March 2019 Medical device 3D printing - This talk

589 views • 22 slides
Recent Developm ents in Medical Device Softw are Overview of Mobile Medical Apps and

Recent Developm ents in Medical Device Softw are Overview of Mobile Medical Apps and

Recent Developm ents in Medical Device Softw are Overview of Mobile Medical Apps and Medical Device Data System s February 14, 2016 John Grimes, Ph.D. U.S. Food and Drug Administration Center for Devices and Radiological Health Office

727 views • 47 slides
The Convergence of The Convergence of Software in the Medical Software in the Medical Device

The Convergence of The Convergence of Software in the Medical Software in the Medical Device

The Convergence of The Convergence of Software in the Medical Software in the Medical Device Industry Device Industry Joseph Azary 203-944-9320 Info@azarytech.com FDA Regulations & Quality Requirements Clinical Sterilization FDA

872 views • 68 slides
How Business Management Platforms Improve Medical Device Manufacturing Operations Medical

How Business Management Platforms Improve Medical Device Manufacturing Operations Medical

How Business Management Platforms Improve Medical Device Manufacturing Operations Medical Devices Rose Wolfe Medical Device in The Connected World Account Manager Conference Keynote Presentation TOPICS MD Business MD ERP Management

257 views • 14 slides
MedAccred Sterilization (STN) Radiation and Ethylene Oxide Sterilization for Medical Device

MedAccred Sterilization (STN) Radiation and Ethylene Oxide Sterilization for Medical Device

MedAccred Sterilization (STN) Radiation and Ethylene Oxide Sterilization for Medical Device Manufacturing Critical Manufacturing Processes for the Medical Device Industry Mark Aubele Staff Engineer STN PRI, Senior Program Manager for

544 views • 35 slides
Medical Device Single Audit Program CAPT Kimberly Lewandowski-Walker FDA/ORA/Office of Medical

Medical Device Single Audit Program CAPT Kimberly Lewandowski-Walker FDA/ORA/Office of Medical

Medical Device Single Audit Program CAPT Kimberly Lewandowski-Walker FDA/ORA/Office of Medical Products and Tobacco Operations National Expert, Medical Devices 1 Objectives Introduction to MDSAP What is MDSAP? MDSAP Development

457 views • 31 slides
Medical device donations Presented By [Presenter Name] [Presenter Title] Date 1 | Medical

Medical device donations Presented By [Presenter Name] [Presenter Title] Date 1 | Medical

Medical device donations Presented By [Presenter Name] [Presenter Title] Date 1 | Medical Device Donations | 20 November 2015 Introduction This document covers: 1.Ensuring that the recipients are actively engaged in all stages of the donation

671 views • 20 slides
Update on medical device regulations Department of medical device registration China Food and

Update on medical device regulations Department of medical device registration China Food and

CHINA Update on medical device regulations Department of medical device registration China Food and Drug Administration 2013.11 Reorganization According to the decision of NPC and S tate Council, CFDA (China Food and Drug

881 views • 12 slides
Assessing and Understanding Patient Preferences in Medical Device Development: Webinar to the

Assessing and Understanding Patient Preferences in Medical Device Development: Webinar to the

Assessing and Understanding Patient Preferences in Medical Device Development: Webinar to the PCORI Ambassadors July 20, 2016 Heather Benz, PhD Medical Device Fellow External Expertise and Partnerships, Office of the Center Director, CDRH

485 views • 47 slides
Integrating Device Registries and Innovative Tools for Enhanced Medical Device Evaluation and

Integrating Device Registries and Innovative Tools for Enhanced Medical Device Evaluation and

Integrating Device Registries and Innovative Tools for Enhanced Medical Device Evaluation and Tracking An Update to the IMDRF Management Committee September 2015 Scope Evaluate, compare & contrast current approaches to international

457 views • 11 slides
Integrating Device Registries, UDI and Innovative Tools for Medical Device Evaluation An Update to

Integrating Device Registries, UDI and Innovative Tools for Medical Device Evaluation An Update to

Integrating Device Registries, UDI and Innovative Tools for Medical Device Evaluation An Update to the IMDRF Management Committee February 2015 Scope Evaluate, compare & contrast current approaches to international data models in different

482 views • 8 slides
Session B19: Regulatory updates from the TGA Medical Devices Branch Part 2 Dr Elizabeth

Session B19: Regulatory updates from the TGA Medical Devices Branch Part 2 Dr Elizabeth

Session B19: Regulatory updates from the TGA Medical Devices Branch Part 2 Dr Elizabeth McGrath Director, Medical Device Emerging Tech | Medical Device Reform Program Mimi Chu-Gourlay Assistant Director, Medical Devices Reforms Unit,

413 views • 22 slides
What is an Implantable Medical Device? The FDA strictly defines a medical device Neuro-

What is an Implantable Medical Device? The FDA strictly defines a medical device Neuro-

SoK: Security and Privacy in Implantable Medical Devices Michael Rushanan 1 , Denis Foo Kune 2 , Colleen M. Swanson 2 , Aviel D. Rubin 1 1. Johns Hopkins University 2. University of Michigan 0 This work was supported by STARnet, the Dept. of

384 views • 24 slides
Update on software as a medical device (SaMD) The TGA and IMDRF perspectives Patrick L OMeley

Update on software as a medical device (SaMD) The TGA and IMDRF perspectives Patrick L OMeley

Update on software as a medical device (SaMD) The TGA and IMDRF perspectives Patrick L OMeley Biomedical and Software Engineer Device Vigilance and Monitoring Section, Medical Devices Branch Medical Devices and Product Quality Division, TGA

1.29k views • 21 slides
DDoS Defense Mechanisms for IXP Infrastructures Tim Dijkhuizen Lennart van Gijtenbeek

DDoS Defense Mechanisms for IXP Infrastructures Tim Dijkhuizen Lennart van Gijtenbeek

DDoS Defense Mechanisms for IXP Infrastructures Tim Dijkhuizen Lennart van Gijtenbeek Supervisor: Stavros Konstantaras (AMS-IX) SNE: Research Project II 03-07-2018 Introduction D istributed D enial o f S ervice DDoS attacks on banks in

720 views • 33 slides
Carryover Requests and No Cost Extensions December 5, 2017 1:00 2:00 pm ET Introductions P

Carryover Requests and No Cost Extensions December 5, 2017 1:00 2:00 pm ET Introductions P

UCEDD Grants Management Series: Carryover Requests and No Cost Extensions December 5, 2017 1:00 2:00 pm ET Introductions P RESENTERS Dorothy Garcia Program Manager, UCEDD TA AUCD LaDeva Harris Grants Management Specialist

510 views • 15 slides
Training Advisory Committee (TAC) for SB 19-238 Meeting November 7, 2019 2:00 4:00 PM

Training Advisory Committee (TAC) for SB 19-238 Meeting November 7, 2019 2:00 4:00 PM

Training Advisory Committee (TAC) for SB 19-238 Meeting November 7, 2019 2:00 4:00 PM Clayton Learning 1 st Floor Meera Mani Room Facilitator: Government Performance Solutions, Inc. 1 Welcome Roll call, obj ectives, and agenda 2 TAC

528 views • 23 slides
IEEE- SA (Standards Activity) FIPA ROFS-SG (Review of the FIPA Specifications - Study Group)

IEEE- SA (Standards Activity) FIPA ROFS-SG (Review of the FIPA Specifications - Study Group)

IEEE- SA (Standards Activity) FIPA ROFS-SG (Review of the FIPA Specifications - Study Group) Presentation Stefan Poslad, Queen Mary Uni. London Email: fipa-rofs-chair@ieee.org Edinburg, FIPA meeting cohosted 2006-09-13 with CIA 2006 1

171 views • 13 slides
ANTERIOR CRUCIATE LIGAMENT RE- INJURY Sam Feldpausch, Jeff King, Seth Lashuay, McKenna Mathis

ANTERIOR CRUCIATE LIGAMENT RE- INJURY Sam Feldpausch, Jeff King, Seth Lashuay, McKenna Mathis

KNEE BRACE FOR PREVENTION OF ANTERIOR CRUCIATE LIGAMENT RE- INJURY Sam Feldpausch, Jeff King, Seth Lashuay, McKenna Mathis PROBLEM/PURPOSE Problem : Re-injury post ACL reconstruction when athletes return to sport Purpose : To evaluate the

522 views • 15 slides
Do Pa tie nts with De pre ssio n o r Anxie ty E xpe rie nc e Gre a te r L e ve ls o f Pa in

Do Pa tie nts with De pre ssio n o r Anxie ty E xpe rie nc e Gre a te r L e ve ls o f Pa in

Do Pa tie nts with De pre ssio n o r Anxie ty E xpe rie nc e Gre a te r L e ve ls o f Pa in Ca ta stro phizing ? Me g a n Simo n MA, L AT , AT C, OT C PI : Jo hn Xe ro g e a ne s, MD, Je nnife r Hunnic utt, PhD BACKGROUND Hig h c o

420 views • 14 slides
Nursing Grand Rounds Point of Care Scholars: Filling the Gaps in Evidence with Research

Nursing Grand Rounds Point of Care Scholars: Filling the Gaps in Evidence with Research

7/24/2014 Nursing Grand Rounds Point of Care Scholars: Filling the Gaps in Evidence with Research Christin Zwolski DPT, PT, OCS Deborah Williams RN, CNOR Jennifer Bekins MS, CCC-SLP Objective Discuss newly discovered gaps in nursing and

618 views • 23 slides
Finding the Best Injury Risk Assessment for the Lower Extremities By Antonio Calderon Dr. Raoul

Finding the Best Injury Risk Assessment for the Lower Extremities By Antonio Calderon Dr. Raoul

Finding the Best Injury Risk Assessment for the Lower Extremities By Antonio Calderon Dr. Raoul Reiser-Colorado State University Dr. Emilie Gray-Colorado College Sports Injuries: An Epidemic Huge cost and burden $1.8 billion/year in

284 views • 24 slides

More recommend