
Army medical device cyber team balances benefits and risks of technology

An Army medic positions a patient for a CT scan, which helps radiologists diagnose different types of disease and injuries. Medical devices, such as radiology imaging systems, must now go through a cybersecurity validation process in order to connect to military networks (U.S. Army photo by Staff Sgt. Evelyn Chavez)


Access to advanced medical care directly supports the readiness of the Army's Warfighters by ensuring troops are fit and healthy on and off the battlefield.

Modern medical devices help the Army provide and sustain essential Soldier support; however, this same technology also poses an inherent risk.

Almost all newer medical devices contain some type of computer technology. Even when a medical device doesn't connect directly to a network, it is remotely or wirelessly accessible. These factors make medical devices potentially susceptible to intrusion from a hacker.

Experts warn that hackers could exploit technology vulnerabilities within medical devices to harm patients, steal private health care information and data, or gain "back door" entry to the wider DoD network.

At the U.S. Army Medical Materiel Agency, a subordinate organization of the U.S. Army Medical Research and Materiel Command, a team of medical technology experts makes up a cybersecurity cell created in early 2017. This team, part of the Integrated Clinical Systems Program Management Office, focuses on ensuring medical devices used by the military comply with strict DoD cybersecurity standards.

"The frequency and severity of cybersecurity attacks against the medical community will continue to rise until medical device manufacturers make security a top priority," explained USAMMA's Medical Device Cybersecurity Chief Andrew McGraw.

McGraw said that simply not connecting medical devices to the network isn't the best solution. Most modern medical devices, such as computed tomography (CT) scanners, are designed to connect to hospital networks. Network connection allows clinicians to access previous test results or upload images directly to the patient's electronic health records.

To maintain those capabilities, McGraw and his team work to ensure each medical device passes a robust security certification process to reduce the security vulnerabilities of commercially developed medical devices purchased and used by the Army.

"We believe in taking a proactive approach to cybersecurity," said McGraw. "We work with medical device manufacturers to reduce cybersecurity risks, so we can continue to leverage advanced medical technology."

To protect the network, DoD officials enforce strict cyber standards on all information technology. Medical devices, however, are not "information technology," explained McGraw. Rather, they are "medical technology." It is a subtle yet significant difference.

Information technology includes computers and supporting equipment designed to be controlled by the central processing unit of a computer, software, firmware and similar procedures, services and related resources.

Medical technologies are single purpose systems intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment or prevention of disease.

Understanding this difference is important, said McGraw, because Federal Acquisition Regulation 2.1 excludes medical equipment from being classified as information technology. However, medical technology is often still held to the same strict standards as IT.

McGraw said that cybersecurity in health care delivery must be a balancing act. A security requirement that is too strict results in the continued use of antiquated and technologically outdated medical devices. A security requirement that is too lax results in greater risk.

"The requirement to secure the network and patient data needs to be weighed against the medical mission and the ability to provide best in class medical care to the Warfighter," McGraw said.

One process that helps the Army navigate through that balancing act is the Risk Management Framework process. The RMF approach to security control considers effectiveness, efficiency and constraints due to applicable laws, directives, executive orders, policies, standards or regulations.

In 2014, the DoD began adopting RMF as a replacement for the DoD Information Assurance Certification and Accreditation Process. Army networks began getting Authority to Operate (ATO) under RMF in 2016.

By 2017, the Army received ATO under RMF for its first medical device – a portable digital radiography system designed for use on the battlefield.

"This was a huge win for the Army, USAMRMC, and USAMMA," said ICS Project Manager Terri Pryor, who manages the medical device cybersecurity cell. "However, it is not a quick, simple or low-cost process."

Under current policy, RMF is a mandatory process for all medical devices on the DoD network, which includes not only new purchases but also all medical devices already in use. Pryor and others are concerned that the current process could create a significant issue for military medical care – forcing some devices off the network. Additionally, if a device can't pass the process, the Army might have to replace medical devices – which would otherwise be in good working order – before the end of their lifespans, which are typically 10 to 12 years.

"Is cybersecurity of medical devices important? Absolutely. Is there possibly a more streamlined approach to achieve our end goals? We think so," said McGraw.

To that end, USAMMA's medical device cybersecurity cell has been exploring the possibility of a "black box" solution that they believe could greatly reduce the number of security steps they have to take to gain ATO under RMF. The solution they are exploring works through a process called microsegmentation, which would allow an organization to isolate mini-networks within the larger network.

"Traditional security firewalls work like a fence to protect critical assets. But hackers have gotten pretty good at defeating these perimeters," said McGraw. "With microsegmentation, instead of one fence, we would have hundreds or thousands of smaller fences."

McGraw explained that actions such as running vulnerability scans or pushing IT updates on medical devices while they are in use could shut them down and affect patient care. Experts are also concerned that some security patches, designed and tested for DoD computers and not medical technology, could cause medical devices to malfunction.

"We don't just look at this from the perspective of protecting the network because we have to consider the potential impact to patient care," said McGraw. "So, in many ways, we have to protect the network from the device and, at the same time, we have to protect the device from the network."

The "black box" solution is one of many solutions being explored by McGraw and his team, who work closely with network security experts throughout DoD and the Defense Health Agency. While no specific solution has been agreed upon just yet, the team remains focused on its mission.

McGraw added, "We take great pride in knowing that the work we do helps put life-saving tools into the hands of Soldiers, ultimately saving lives."

Disclaimer: Re-published content may have been edited for length and clarity.

DHA Address: 7700 Arlington Boulevard | Suite 5101 | Falls Church, VA | 22042-5101
