ECRI Institute Releases Guidance on How to Protect Your Medical Device Systems
The ECRI Institute released new guidance in its article: “Ransomware Attacks: How to Protect Your Medical Device Systems” on May 18, 2017. The report recommends various protective actions for hospitals to take and points to critical differences in the protection of medical device systems as opposed to general hospital systems.
According to the report, ransomware makes data, software, and IT assets unavailable to users. The report describes ransomware as using the encryption of data to hold systems hostage, where the hacker promises to give the victims access to their data if a ransom is paid. One previous ransomware example reported on the Knobbe Medical Device Blog was the WannaCry virus, a ransomware that caused disruptions for several hospitals in the United Kingdom. The International Business Times reported that security researchers had found that the WannaCry ransomware was not limited to computers but was also capable of exploiting medical devices.
The ECRI Institute report explains that an IT department can apply new security patches to some medical device systems; however, some systems will remain susceptible because they are based on an older version of an operating system and can’t be upgraded, or because they have not been validated for clinical use with the latest security patches.
The report includes a list of dos and don’ts for quickly responding to emerging threats. The “Dos” mentioned in the report include:
- Identify medical devices, servers or workstations that may be affected.
- Contact the device vendor.
- Request written copies of the manufacturer’s recommended actions for dealing with a current ransomware threat.
The “Don’ts” mentioned in the report include:
- Don’t overreact.
- Don’t install unvalidated patches. Unvalidated patches can make medical devices faulty or inoperable. Ask the manufacturer for documentation of the validation.
The ECRI Institute is a nonprofit organization that has its U.S. headquarters in Plymouth Meeting, Pennsylvania.
Respironics Files for Inter Partes Review of ZOLL Medical’s Patient Monitoring Patent
Respironics, Inc., a subsidiary of Koninklijke Philips N.V., filed a petition last Friday with the Patent Trial and Appeal Board requesting inter partes review of ZOLL Medical Corporation’s U.S. Patent No. 6,681,003 to Linder et al. The petition identifies Koninklijke Philips as a real party-in-interest.
The ’003 patent is entitled “Data Collection and System Management for Patient-Worn Medical Devices.” The ’003 patent relates to “a method and system of monitoring information received from a patient-worn medical device.”
The petition seeks review of nine of the patent’s 35 issued claims. Eight of these nine claims identified in the petition have been asserted by ZOLL Medical against Respironics in a lawsuit filed in the U.S. District Court of Delaware. The amended complaint, filed on January 9, 2013, alleges that Respironics’s “patient medical monitoring and treatment systems and methods,” including positive airway pressure devices, infringe the ’003 patent.