Abstract

Medical Information Systems (MedIS) [1] of today are increasingly vulnerable to attacks by malicious software (or malware). Malware, also referred to as a virus or malicious logic, includes such things as Trojan horses, denial-of-service attacks, trap doors, time bombs, and worms. This white paper informs both vendors (manufacturers and integrators of MedIS) and users (e.g., hospitals and medical practices) about possible malware attacks and suggests ways to protect against them. Possible attacks make use of exploitable MedIS vulnerabilities; how vulnerable a given MedIS is depends on the kind of physical and logical access available to users and on the kind of software running on it. Vendors and users must cooperate to meet the challenge of safeguarding the security and privacy of data in healthcare. In this white paper, the Joint NEMA/COCIR/JIRA Security and Privacy Committee (SPC) [2] offers a list of recommendations for both vendors and users to make the MedIS they produce and operate more secure.

Vendors should: ensure system integrity; employ defensive system design philosophies; host virus checkers where appropriate; respect the need for proper configuration when offering virus checkers; offer security-relevant updates and technical assistance; and respect regulatory and technological imperatives and restrictions.

Users should: use technical network defenses; prepare policies, procedures, and user training; restrict physical access whenever possible; reduce logical interconnections to the minimum; establish secure remote access for servicing; keep close contact with the vendor; and implement the Defense in Depth philosophy.

[1] MedIS generally includes all information systems directly employed in delivering health care. Examples include, but are not limited to, hospital information systems (HIS), radiology information systems (RIS), picture archiving and communication systems (PACS), imaging modalities, radiation therapy systems, cardiology information systems, and patient monitoring systems.

[2] NEMA, headquartered in the United States, is a trade association representing medical device and systems manufacturers; COCIR is the European and JIRA the Japanese trade association of such manufacturers.
