Monday, April 5, 2010

Security Standards for Implantable Medical Devices

Following an attack that contaminated bottles of Tylenol and killed 7 people in 1982, the medical community -- including doctors, regulators, legislators, and manufacturers -- forever changed the way medicines are handled to secure the medical supply chain. Out of this process, we got the child-proof (and sometimes, adult-proof!) lids and tamper-resistant seals that those taking medicine deal with on a daily basis.

The state of implantable medical device computer security (and privacy) today parallels that of the 1980s drug supply, and needs similar innovation in protection and regulation. A new paper from the MDSC explains the risks and offers some steps toward "develop[ing] a security paradigm for medical devices that welcomes important technological advances while ensuring the well-being of millions of medical-device recipients."

Sunday, March 7, 2010

Assistant/Associate Professor Position in Health IT and/or Security

The MDSC received the following post regarding an open faculty position in Health IT/security.

Computing and Information Sciences
Kansas State University
Assistant/Associate Professor Position in Health IT and/or Security
The department of Computing and Information Sciences at Kansas State University invites applications for a tenure track position beginning in Fall 2010 at the level of assistant or associate professor from candidates working in the areas of health information technology and/or security. For the area of health care, we seek candidates working on designing improved health care systems which ensure patient safety, preserve privacy of data, establish high-assurance information infrastructure, and provide automated decision support capabilities. Preference will be given to candidates who will complement the existing areas of strengths of the department which include enterprise system security, medical data privacy, language-based security, high assurance systems, medical device plug-n-play interoperability, medical device integration frameworks, and health information management. Applicants must be committed to both teaching and research. Applicants should have a PhD degree in computer science or related discipline; salary will be commensurate with qualifications. Applications must include descriptions of teaching and research interests along with copies of representative publications.

Kansas State University is committed to the growth and excellence of the CIS department. The department offers a stimulating environment for research and teaching, and has several ongoing collaborative projects involving researchers in different areas of computer science as well as other engineering and science departments. The department has a faculty of nineteen, more than 100 graduate students, and 250 undergraduate students and offers BS, MS, MSE, and PhD degrees. Computing facilities include a large network of servers, workstations and PCs with more than 300 machines and a Beowulf cluster with 1000+ processors. The department building has a wireless network and state-of-the-art media-equipped classrooms. The department hosts several laboratories for embedded systems, software analysis, robotics, computational engineering and science, and data-mining. Details of the CIS Department can be found at the URL

Kansas State University is an Equal Opportunity Employer and actively seeks diversity among its employees. Paid for by Kansas State University. Background check required.

Thursday, March 4, 2010

Treatment and privacy: not a zero-sum game

Last week, an article in the New York Times' Health section quoted Dr. Cara Litvin on electronic medical record privacy:

Privacy concerns have been the main deterrent to “wiring” medical records. But Dr. Litvin notes that the information is password-protected, and that insurers and employers would not have access to a patient’s electronic medical record unless the patient authorized it. “The benefits to providing quality medical care way outweigh any privacy issues,” she said.

Statements like that are catnip to privacy researchers. Dr. Litvin deserves the benefit of the doubt with respect to her intentions, but the notion that high-quality care and privacy are opposed to each other -- as her statement suggests -- is worth some critical consideration.

It's easy to see things from a doctor's perspective. A doctor's mandate is to heal, and in life-and-death cases, ease of access to patient records can make a critical difference. Measures meant to provide privacy should not hinder treatment in such cases; a patient whose life is at stake would probably agree. A fundamental principle is that the person providing critical care should not be stymied by technological obstacles.

But let's consider cases that don't involve life-and-death urgency. These cases are the more interesting ones from a privacy perspective, and the guiding principle of privacy mechanism design here is more slippery. It's something like this: the person providing care should have access to the information that is relevant to her decisions; nobody else should have any more information than is absolutely necessary for administrative purposes. Privacy measures are meant to protect patients from electronic security breaches -- i.e., from the sorts of problems that arise when intruders harvest lots of records at once, or when a determined attacker obtains one or more specifically chosen records. If we don't do a good enough job implementing security and privacy, such breaches can result in the permanent, irrevocable exposure of information pertaining to people who do not want that information to be public. Patients deserve high-quality care and data privacy.

Electronic medical record breaches open the door to new kinds of discrimination. Imagine a healthy person losing a job opportunity because her family history suggests an elevated risk of a debilitating disease. Imagine embarrassing disclosures based on prescription drug information. Imagine insurers -- let's assume for a moment that not every insurer is scrupulous -- basing payment decisions on information they are not legally allowed to see. Designing mechanisms to defend against such breaches is an area of active research whose heyday is approaching.

Wednesday, March 3, 2010

ORNL hiring in medical device security

We have received word that the Cyberspace Sciences and Information Intelligence Research Group (try saying that five times fast -- or just call it CSIIR) at Oak Ridge National Laboratory is hiring. From their projects page:

By 2030, there will be 171 million Americans with chronic conditions (18% jump from 2010). With a larger aging population (77% of Americans 65+ have two or more chronic conditions), companies are beginning to help patients remotely. However, as features are added to medical devices (e.g., remotely checking heart information), this creates possibilities for attack. MDS will help protect lives by protecting the medical devices on which these lives depend.

Wednesday, February 24, 2010

HealthSec 2010 submissions due April 9, 2010

Here's a venue for your bold ideas about electronic medical records, device-mediated patient privacy, security policy related to medical information, wireless implantable medical devices, and other research topics in that vein (pun intended). The first USENIX Workshop on Health Security & Privacy (HealthSec 2010) will be co-located with USENIX Security 2010 in sunny Washington, DC. Here are the essential details:
  • Call for Papers (PDF version)
  • Workshop date: August 10, 2010
  • What to submit: A two-page position paper concerning the security and privacy of health information technology
  • By when: April 9, 2010, 11:59 p.m. PDT
  • Notification date: May 28, 2010
  • Go here on August 10: Washington Marriott Wardman Park, Washington, DC

The program chairs are Kevin Fu (UMass Amherst), Tadayoshi Kohno (U. Washington), and Avi Rubin (JHU). According to the CFP:
HealthSec is intended as a forum for lively discussion of aggressively innovative and potentially disruptive ideas on all aspects of medical and health security and privacy. A fundamental goal of the workshop is to promote cross-disciplinary interactions between fields, including, but not limited to, technology, medicine, and policy. Surprising results and thought-provoking ideas will be strongly favored; complete papers with polished results in well-explored research areas are comparatively discouraged. Position papers will be selected for their potential to stimulate or catalyze further research and explorations of new directions, as well as for their potential to spark productive discussions at the workshop.

As Kevin noted in his blog post announcing the workshop, the HealthSec program committee features members from academia (computer science, social science and medicine), industry, and government -- so no idea is too wacky or too pragmatic!