Skip to main content
  • Feature Story

UL and the VA join together to make data sharing more secure

medicaldevices

November 8, 2016

Healthcare has fundamental issues that are wide reaching such as the staggering rise in costs, coverage for patients in need, and evaluating the aging population who have increasing care needs. One other concern with today’s healthcare system is ensuring there are enough physicians or providers to deliver needed services.

The U.S. government recognized this lack of available care and high expense as serious issues and began looking at them globally. Researchers believed that one way to improve healthcare was to also improve medical technology by making it more accessible via mobile tools. Telemedicine is one example in which technology began creating efficiencies for treating patients. As the cell phone market became more sophisticated, so did the application software that physicians and other healthcare workers use when providing care.

The increased availability of computing technology has made it easier to provide healthcare consultations, get advice, make diagnoses, and provide treatment. It has also brought concerns about security of the information being shared and interoperability among devices. The risk of sending and gathering data has become more of a concern as malware has become more common.

Healthcare is especially vulnerable to cyberattacks because medical devices are durable by design, and often remain in use long after their underlying software goes out of support. Additionally, many devices were designed before there was widespread awareness of the cybersecurity threat that institutions now face. Finally health records have proven to be especially attractive to identity thieves. Just this year, at least two major medical systems suffered ransomware attacks.

Another growing area of interest is medical device interoperability, which is the ability to safely, securely, and effectively exchange and use information among one or more devices, products, technologies, or systems. As electronic medical devices become increasingly connected to each other and to other technologies, the ability of connected systems to safely, securely and effectively exchange and use the information becomes critical.

In June 2015, UL and the U.S. Department of Veteran Affairs (VA) signed a Cooperative Research and Development Agreement (CRADA) to improve cybersecurity standards and certification approaches for medical devices. The VA is the largest healthcare provider in the United States and treats a diverse population and health issues. The goal of the partnership is to help researchers understand needs and safety issues when it comes to technology.

“Connectable medical devices and data systems are susceptible to cybersecurity attacks, putting both patient safety and patient health information at risk,” says Anura Fernando, UL Principal Engineer for Medical Software & Systems Interoperability. “The CRADA is investigating different ways to close the gap that exists in the marketplace over cybersecurity standards and practical certification approaches as they apply to connectable devices.”

“Working together with the VA, we will contribute to industry-wide situational awareness of both medical device vulnerabilities and threats,” said Fernando. “We believe that this project will positively impact the direction that manufacturers take in improving the overall security posture of medical cyber assets.”

Interoperable devices that have the ability to share information across systems and platforms can improve patient care, reduce errors and adverse events, and encourage innovation. UL and the VA hope to improve patient safety and security by focusing on building standards and practices for connectable medical devices, medical device data systems, and other health information technology.

The healthcare industry is projected to spend an estimated $1 billion (USD) on cybersecurity in 2016 because hospitals and healthcare providers are now major targets for hackers and other cybercriminals.

As the cost of addressing data breaches in the healthcare industry also continues to rise, Fernando hopes that the CRADA will help improve cybersecurity protection and allow U.S. veterans and other patients to receive healthcare in innovative new ways, with confidence in the safety and security of the technologies being used.