Fact Based List:

Department of Homeland Security: Networked Medical Devices (Mobile Health) Best Practices

Submitted by Anonymous on Wed, 05/30/2012 - 12:36


  1. Purchasing only those networkable medical devices which have well-documented and fine-grained security features available, and which the Medical IT network engineers can configure safely on their networks
  2. Including in purchasing vehicles vendor support for ongoing firmware, patch, and antivirus updates where they are a suitable risk mitigation strategy
  3. Operating well-maintained external-facing firewalls, network monitoring/intrusion detection techniques, and internal network segmentation, containing the medical devices, to the extent practical
  4. Configuring access control lists (ACLs) on these network segments so only positively authorized accounts can access them
  5. Establishing strict policies for the connection of any networked devices such that no access to networked resources is provided to unsecured and/or unrecognized devices
  6. Establishing policies to maintain, review, and audit network configurations as routine activities when the Medical IT network is changed
  7. Using the principle of least privilege to decide which accounts need access to specific medical device segments, rather than providing access to the whole network
  8. Implementing safe and effective, but legal, patch and software upgrade policies for Medical IT networks which contain regulated medical devices
  9. Securing communications channels, particularly wireless ones, by the use of encryption and authentication at both ends of a communication channel
  10. Having and enforcing password policies to protect patient information


Source: United States Department of Homeland Security
Source URL: http://info.publicintelligence.net/NCCIC-MedicalDevices.pdf


