Methodologies and Tools for Securing Medical Device Systems in Integrated Clinical Environments (ICE)

Security considerations for dynamically composable Integrated Clinical Environments (ICE) are critical not only because laws such as the Health Insurance Portability and Accountability Act mandate it, but also because security attacks can have serious safety consequences for patients. Real-Time Innovations (RTI) proposes to model security requirements for a set of key care environments and comprehensively assess security risks for ICE deployments in each setting. Based on rigorous specification and analysis, RTI will propose security requirements to prevent or mitigate highest risks. RTI will intensively focus on the security threats, risks, and requirements associated with ICE Network Controller, which is the essential ICE communication platform. RTI will investigate how and to what extent the specified risks would be mitigated by using an ICE Controller that complies with the recently adopted Object Management Groups security specification for Data Distribution Service (DDS). RTI will further investigate how formally specified security properties for the ICE Network Controller could be used to generate security configurations for it. Furthermore, utilizing a close collaboration with our subcontractor, the Medical Device Plug-and-Play (MD PnP) Interoperability Program's lab at Massachusetts General Hospital, RTI will develop a proof-of-concept prototype, and evaluate it by presenting to clinical end-users and medical experts.