The IEEE SA (Wearables and Medical IoT Interoperability & Intelligence) WAMIII Virtual Talk Series is a global interactive platform bringing experts and participants from all over the world to provide insight, engage in idea sharing, and develop solutions for the technical challenges of connected wireless medical devices in, around, and on us. The series launched on 26 March 2020 and includes live sessions each week, with broadcasts on Wednesday, Thursday or Friday. The broadcasts also include live Q&A with the audience at the end of the speaker/interview presentation. Ultimately, the goal of the series is to bring more professionals from the global community to engage, learn about current IEEE standards, and hopefully get involved (either in existing groups or by instantiating new projects).
Session 8: What Medical Device Vendors Can Learn From Past Cybersecurity Vulnerability Disclosures.
DATE: 01 MAY 2020 [FRIDAY]
TIME: 12:00 AM Singapore Local Time
Vidya Murthy, MedCrypt
Kate Schneiderman, Marketing Analyst, MedCrypt
In 2016, the United States Food and Drug Administration (FDA) released a guidance document entitled Post-Market Management of Cybersecurity in Medical Devices, in which the FDA makes several recommendations to medical device vendors and healthcare delivery organizations on how to manage the cybersecurity risk that connected medical devices introduce. One of the recommendations is for device vendors to participate in “threat sharing”, in which information about security vulnerabilities is shared with the medical device community via Information Sharing Analysis Organizations (ISAO). Two of the presumed benefits of threat sharing are that 1) industry stakeholders have the information necessary to minimize their cybersecurity risk and 2) other medical device vendors can use this information to prevent their products from having the same or similar vulnerabilities. Assessing disclosed medical device vulnerabilities, we will discuss trends in vulnerability disclosures, the status of the current regulatory environment, and best practices identified to be proactively secure.
Sessions on Demand
Session 1 : Blockchain and smart contract security in practice
Dr. Sebastian Banescu, Senior Research Engineer, Quantstamp
Blockchain and DLT-based applications are often assumed to be secure by design, and by using such technologies one can effortlessly secure the application they are building. However, this is far from the truth. Numerous vulnerability types may be present in such applications, e.g. reentrancy, front running, time manipulation, access control, arithmetic issues, etc. In this webinar we will take an example-based approach to learning about vulnerabilities in blockchain applications. More importantly, we will discuss best practices for detecting such vulnerabilities and minimizing the impact of a hack.
Session 2 : The Knowledge Model
Ron Schilling, Director CEO Coach, EchoPixel and Histolix
The Knowledge Model is a framework for thinking. It is focused on increasing the interoperability-driven enterprise to achieve increased patient outcomes. Knowledge, comprised of cognitive and intuitive factors, requires balance, as noted in the quote by Albert Einstein, “The intuitive mind is a sacred gift and the cognitive mind is a faithful servant. We have created a society that honors the servant and has forgotten the gift.” With appropriate balance, significant gains in patient outcomes have been demonstrated.
Session 3 : Cracking the Code on Medication Adherence with an Ingestible Sensor
Erick Buffkin, etectRX
etectRx will discuss the recently FDA-cleared ID-Cap system for tracking medication adherence as an application of ingestible sensors. The session will also describe the technology platform upon which the system is built – eBurst.
Session 4 : Overview of Medical Device Communication Test Methods and the NIST Test Framework
John J. Garguilo, Supervisory Computer Scientist, National Institute of Standards and Technology (NIST)
NIST Computer Scientist John J. Garguilo will provide an overview of activities regarding the medical device communication landscape, standards development, and domain development efforts to effect safe, semantically reliable, and verifiable data communications (primarily) from the medical device point-of-care to the healthcare “enterprise”. Mr. Garguilo will discuss several prominent and current standards activities and medical device domain development efforts to produce common “device profiles” derived from high-impact use cases and via the NIST Test Framework – a set of test tools leading to standards-based test instances. Such tooling advances the level of rigor and provides a “single source of truth” based on Health Level Seven (HL7.org) messaging standards and the IEEE SA (standards.ieee.org) medical device communication nomenclature and domain information models. Mr. Garguilo will also provide an overview of the freely and publicly available NIST Test Framework components which contribute to common use and device conformance leading to interoperability.
Session 5 : TIPPSS for Connected Healthcare – Trust, Identity, Privacy, Protection, Safety, Security
The increasingly connected healthcare world including clinical Internet of Things (IoT) devices is creating great opportunity for improved data sharing, better access to information, and deployment of devices to extend and improve healthcare. There is also increased risk. We will discuss the challenges in Trust, Identity, Privacy, Protection, Safety and Security of devices, data, and patients, and the standards efforts working to address these issues.
Session 6 : Unique Device Identification (UDI) Across The Device Landscape
Terrie Reed, Principal, Reed McCullough LLC
Ken Fuchs, Sr., Standards Consultant, Draeger Medical Systems, Inc
This session will discuss the current status of the US and Global UDI System and how UDI continues to be integrated into public policy, software applications, and data and device communication standards to enhance data used for supply chain, clinical and regulatory decision making. In 2013 the FDA published the UDI regulation requiring device manufacturers to apply a unique device identifier to the label of most medical devices and to submit data to the FDA’s Global Unique Device Identification Database. AccessGUDID, the public portal for GUDID, contains over 2.5 million device model records. Vendors are beginning to take advantage of this global identifier, scanning the UDI to reduce patient exposure to expired and recalled product and to monitor long-term outcomes. While there is no specific requirement that UDI be integrated into personal health or point of care devices, it is clear that, in order to better track use of these devices, UDI data must flow smoothly from these devices to consuming applications. Fortunately, standards from ISO/IEEE 11073 and IHE PCD are already well positioned for this eventuality and will be discussed.
Session 7 : Self-Powered Wearable Devices and Sensing Systems from the ASSIST ERC
ASSIST is an NSF engineering research center (ERC) based at NCSU that is advancing self-powered and low-powered wearable devices and sensing systems. Application spaces include health & wellness, IoT, manufacturing, automobiles, and agriculture. The Center includes faculty and student researchers from 8 universities, along with representatives from over 25 member companies. Research follows 4 thrusts: 1) energy harvesting and storage; 2) low-power physiological, biochemical, and environmental sensing; 3) low-power electronics and radios; and 4) integration and testing. Adam will give an overview of the Center and highlight a few mature technologies developed at the Center, including a self-powered shirt transmitting electrocardiogram (ECG) wirelessly in real-time; low-power wrist-worn heart rate, environmental, and biochemical sensors; and sweat sampling and sensing technologies.
1. Gain exposure to technologies enabling self-powered sensing systems
2. Understand applications enabled by self-powered sensing systems
3. Become familiar with opportunities to engage with ASSIST