Risks

 


42. Are there wireless devices for which a communication failure can interrupt patient care? 

Yes. Communication failure for any device that requires connectivity to fulfill its intended use could adversely affect patient care. Devices on which clinicians depend for patient care should be considered as part of an overall risk management strategy. Medical devices that use data for “real-time monitoring,” such as a vital signs monitor, have a high risk factor for patient safety if the data stream is interrupted. NOTE: For a correctly designed medical device with FDA clearance, no medical device connectivity issue may directly result in harm to the patient. 


43. What are the hazards for a wireless medical device and for a clinical wireless network? Where can I go to learn about risk mitigation strategies? 

Hazards may be generally classified in three areas: internal issues, communication issues, and security threats. Internal issues are the responsibility of the supplier: either the MDM or the infrastructure provider. These include hardware failures, software failures, and software updates. Communication issues, such as delayed data transmission, can result in delayed alarm notifications, which can in turn cause harm to the patient. Security threats are a joint responsibility of the HDO and the supplier. A security vulnerability may expose more than just that device and its data; it may also compromise the security of the network, application, or protocol involved. 

The supplier should:
  • Provide timely updates and a secure method to upgrade software.
  • Ensure no known vulnerabilities exist in the software, e.g., by checking the NIST National Vulnerability Database, running penetration tests, and performing negative testing.

The HDO should:
  • Purchase devices with the strongest security implementation that is available for the technology and appropriate to the application and the data assets stored and transmitted. For Wi-Fi, 802.1X authentication and AES encryption should be used, or a justification made if not. For Bluetooth, the strongest encryption and authentication mode should be used, or a justification made if not.
  • Ensure they are abiding by best security practices provided by the MDM, including enterprise-class authentication and encryption for Wi-Fi devices.
  • Provide a method for device software to be securely upgraded.
  • Keep the wired and wireless networks secure.
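
One way an HDO could check the Wi-Fi rule above (802.1X authentication and AES encryption, or a recorded justification) against a device's supplicant configuration. This is an added example, not part of the original guidance; it assumes the device exposes a wpa_supplicant.conf-style file, and the sample configuration, SSIDs, function names, and the choice to treat unset fields as deviations are constructed for illustration.

```python
import re
# Constructed sample in wpa_supplicant.conf syntax (not from a real device).
SAMPLE_CONF = """
network={
    ssid="clinical-monitors"
    key_mgmt=WPA-EAP
    pairwise=CCMP
    group=CCMP
}
network={
    ssid="legacy-pumps"
    key_mgmt=WPA-PSK
    pairwise=CCMP TKIP
}
"""
# Allowed values per field: 802.1X key management (IEEE8021X, i.e. dynamic
# WEP, is deliberately excluded) and AES-based ciphers only.
AES = {"CCMP", "CCMP-256", "GCMP", "GCMP-256"}
RULES = {"key_mgmt": {"WPA-EAP", "WPA-EAP-SHA256", "FT-EAP"}, "pairwise": AES, "group": AES}

def parse_networks(text):
    """Return one {key: value} dict per network={...} block."""
    nets = []
    for body in re.findall(r"network=\{(.*?)\n\}", text, flags=re.S):
        pairs = (l.strip().split("=", 1) for l in body.splitlines()
                 if "=" in l and not l.strip().startswith("#"))
        nets.append({k.strip(): v.strip().strip('"') for k, v in pairs})
    return nets

def findings(net):
    """Deviations from the 802.1X + AES rule; unset fields count as deviations."""
    out = []
    for field, allowed in RULES.items():
        values = set(net.get(field, "").split())
        if not values:
            out.append(f"{field} not set explicitly")
        elif values - allowed:
            out.append(f"{field} allows {' '.join(sorted(values - allowed))}")
    return out

def audit(text, justifications=None):
    """Map SSID -> (status, findings); justifications maps SSID -> reason text."""
    report = {}
    for net in parse_networks(text):
        ssid, found = net.get("ssid", "<no ssid>"), findings(net)
        justified = bool((justifications or {}).get(ssid))
        status = "compliant" if not found else (
            "justified exception" if justified else "needs justification")
        report[ssid] = (status, found)
    return report
```

Calling `audit(SAMPLE_CONF)` marks the constructed "legacy-pumps" network as needing justification; passing a justification for that SSID changes its status while keeping the findings visible for review.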

ANSI/AAMI/ISO 14971 and ANSI/AAMI/IEC 80001-1 are excellent reference documents on how to conduct a risk analysis. Risk control measures for wireless devices are covered in section 8 of TIR80001-2-3. For more information and examples, see Appendix D, Example of Risk Analysis and Risk Mitigation for a Medical Device Using a Wireless Network. For more detail on mitigating cybersecurity risks, please see the Security section. 


44. What are some of the common hazards encountered on the 802.11 wireless network?

Common hazards include:
  • Exceeding the threshold for the number of devices per wireless AP
  • Interference from BYOD patient devices brought into the hospital
  • Failure of IT switch, router, or wireless controller
  • Ethernet cable unplugged (often on an AP)
  • Insufficient PoE (Power over Ethernet) from the data closet switch
  • Configuration changes to the wireless network, including AP power and channels
  • Firmware upgrades to the network that introduce undocumented bugs
  • APs vacating DFS channels when a radar signature is detected
  • Power surges/power outages
  • Failure to properly configure and test the controller/AP setup