Philips RM US 0091 01A Data Security Lumfiy System Security?func=doc
Lumify System and Data Security Lumfiy_System_Data_Security?func=doc Lumify
User Manual: Philips Data Security Lumify
Open the PDF directly: View PDF 
.
Page Count: 18
| Download | |
| Open PDF In Browser | View PDF |
Shared Roles for
System and Data
Security
English
Lumify Ultrasound System
Contents
Contents
1
Introduction ............................................................................................................................................. 5
General Information ......................................................................................................................................... 6
2
Control of Security Vulnerabilities on Philips Ultrasound Products............................................................ 7
Strategy for Defense-in-Depth Security ............................................................................................................ 7
Regulatory Environment ................................................................................................................................... 8
Role of Philips in the Product Security Partnership .......................................................................................... 8
Security Issues and Guidelines........................................................................................................................ 10
Information-Maintenance Example................................................................................................................ 13
Assumptions About the Environment ............................................................................................... 13
Information Zones ............................................................................................................................. 13
Security Protection Software .......................................................................................................................... 15
Antivirus Scanning and Updates ........................................................................................................ 15
Backups and Archives ..................................................................................................................................... 16
Backup Procedure.............................................................................................................................. 16
Disaster Recovery Plans..................................................................................................................... 16
Philips Healthcare
4535 618 28131_A/795 * NOV 2015
Role of Customers in the Product Security Partnership.................................................................................... 9
Lumify Ultrasound System
3
Philips Healthcare
4535 618 28131_A/795 * NOV 2015
Contents
4
Lumify Ultrasound System
Introduction
1 Introduction
This document discusses security on the Lumify Ultrasound System. Where other Philips
ultrasound systems are delivered as complete systems, with restrictions on what is authorized
and available for the system, Lumify host devices are acquired, configured, and maintained by
the healthcare facility or individuals.
These guidelines are designed to help healthcare facilities understand how the security of the
Philips Lumify app and patient data can be compromised, and to highlight Philips efforts to
ensure that safeguards are in place to help prevent security breaches.
4535 618 28131_A/795 * NOV 2015
For ultrasound-system security resources, such as security bulletins, FAQs, and vulnerability
information, see the Philips Product Security website:
www.philips.com/productsecurity
For information about the Lumify Ultrasound System, visit the Lumify portal:
www.philips.com/lumify
This document and the information contained in it is proprietary and confidential information
of Philips Healthcare ("Philips") and may not be reproduced, copied in whole or in part,
adapted, modified, disclosed to others, or disseminated without the prior written permission of
the Philips Legal Department. This document is intended to be used either by customers, and is
licensed to them as part of their Philips equipment purchase, or to meet regulatory
commitments as required by the FDA under 21 CFR 1020.30 (and any amendments to it) and
other local regulatory requirements. Use of this document by unauthorized persons is strictly
prohibited.
Philips Healthcare
Philips provides this document without warranty of any kind, implied or expressed, including,
but not limited to, the implied warranties of merchantability and fitness for a particular
purpose.
Philips has taken care to ensure the accuracy of this document. However, Philips assumes no
liability for errors or omissions and reserves the right to make changes without further notice to
any products herein to improve reliability, function, or design. Philips may make improvements
or changes in the products or programs described in this document at any time.
Lumify Ultrasound System
5
Introduction
General Information
Unauthorized copying of this document, in addition to infringing copyright, might reduce the
ability of Philips to provide accurate and current information to users.
Non-Philips product names may be trademarks of their respective owners.
General Information
The following general information applies to the security of Philips ultrasound software and
patient data.
Philips Healthcare
• Ultrasound systems are not long-term storage devices. Persistent patient data must be
archived to a DICOM PACS, network share, or on a local repository.
4535 618 28131_A/795 * NOV 2015
• Philips ultrasound systems do not support multiple-user-session operations. They are
designed as single-user devices. Clinical-use access over a network is unsupported.
6
Lumify Ultrasound System
Strategy for Defense-in-Depth Security
Control of Security Vulnerabilities on Philips Ultrasound Products
2 Control of Security Vulnerabilities on
Philips Ultrasound Products
Philips is dedicated to helping all customers maintain the confidentiality, integrity, and
availability of patient data while ensuring that their ultrasound systems continue to generate
and manage this information with complete security. Ultrasound systems may become
vulnerable to security breaches when they are connected to a network.
4535 618 28131_A/795 * NOV 2015
Strategy for Defense-in-Depth Security
Within the healthcare facility, maintaining the security of patient data and Philips products
requires a defense-in-depth security strategy, one that is comprehensive and multilayered
(including policies, processes, and technologies) for protecting information and systems from
internal and external threats.
For specific information about security within your facility, consult with the security specialists
in the following offices or those with similar responsibilities:
• Chief information security officer
• Chief information officer
• HIPAA privacy or security officer (in the United States)
• Safety officer
Philips Healthcare
To learn about general security issues or specific vulnerabilities of your ultrasound system,
contact your Philips representative.
Lumify Ultrasound System
7
Control of Security Vulnerabilities on Philips Ultrasound Products
Regulatory Environment
Regulatory Environment
The development and manufacture of medical devices is tightly regulated, as is the security and
privacy of patient information held by healthcare providers. This creates challenges for both
healthcare providers and manufacturers in responding quickly to new threats to the security of
patient data stored on medical devices.
Protection of Electronic Patient Health Information
• Health Insurance Portability and Accountability Act (HIPAA), United States of America
(www.hhs.gov/ocr/privacy/)
• European Medical Device Directive 93/42/EEC
• Japan’s HPB517
• HIPAA-related portions of the U.S. federal economic-stimulus act (or HITECH), formally
known as the American Recovery and Reinvestment Act of 2009
4535 618 28131_A/795 * NOV 2015
One of the most important assets to protect with security measures is patient health
information. As an example, the following regulations require patient health information to
remain confidential, and they specify security measures to guard patient information:
Role of Philips in the Product Security Partnership
Philips operates under a global Product Security Policy that governs design-for-security in
product creation, risk assessment, and incident-response activities for vulnerabilities identified
in existing products. Philips has instituted a global problem-tracking and escalation process that
provides visibility to security issues involving Philips systems.
Product engineering groups within Philips monitor continuously for new security vulnerabilities
of our systems, including those identified by third-party-software and operating-system
vendors and those reported from individual healthcare facilities.
8
Lumify Ultrasound System
Philips Healthcare
Response to Vulnerabilities
Role of Customers in the Product Security Partnership
Control of Security Vulnerabilities on Philips Ultrasound Products
A global network of response teams dedicated to product-security incidents collects and
manages information and addresses the vulnerabilities that affect Philips products and
solutions. The response teams continue to expand their activities toward global coverage of all
systems.
The goal is for the appropriate response team to evaluate each real and potential breach of
security with an explicit assessment of the risk, threat, or vulnerability and to develop, as
required, a vulnerability response plan that includes qualification and communication
procedures. This means that Philips intends to simultaneously inform customers of system
vulnerabilities while proceeding with development and deployment of risk-mitigation efforts.
For more information about system vulnerabilities, see this website:
4535 618 28131_A/795 * NOV 2015
www.philips.com/productsecurity
Design Improvements
Philips actively conducts internal product security assessments to identify potential security
weaknesses. With that information, Philips engineering teams often define configuration
changes and re-engineering efforts that harden the system against outside threats. The same
information also drives security design requirements for new products. The Philips Product
Security Policy requires design-for-security objectives as part of all new product-creation
efforts.
Role of Customers in the Product Security Partnership
WARNING
Philips Healthcare
Unauthorized modifications to your Android device ("rooting" or "jailbreaking") can cause
the ultrasound system to malfunction, which may lead to misdiagnosis.
Lumify Ultrasound System
9
Control of Security Vulnerabilities on Philips Ultrasound Products
Security Issues and Guidelines
CAUTION
Android devices have many applications available for installation through the Google Play
store. However, to minimize the risk to patient data security, Philips recommends that you
install applications only from trusted sources and that you limit their use to business needs.
The practical implementation of technical security elements varies by site and may employ a
number of technologies, including firewalls, virus-scanning software, authentication
technologies, and so on. As with any computer-based system, ultrasound systems require the
level of protection typically provided by firewalls and other security devices between the
medical system and any externally accessible systems. The U.S. Department of Veterans Affairs
has developed a widely used isolation architecture for this purpose. Such perimeter and
network defenses are an essential element of good security practices. The Department of
Veterans Affairs Medical Device Isolation Architecture Guide is on this website:
http://www.himss.org/ResourceLibrary/ResourceDetail.aspx?ItemNumber=7236
4535 618 28131_A/795 * NOV 2015
Because you use your own device with the Lumify app and transducers, it is your responsibility
to ensure the security of your device and of patient data to meet your local security policies and
regulatory requirements. Consult your Healthcare IT Security department to ensure that your
device is implemented in accordance with your specific requirements for information security.
Response to Product-Security Incidents and Malware Detection
Security Issues and Guidelines
The following guidelines provide concrete examples of system and data vulnerabilities and
methods for providing protection.
10
Lumify Ultrasound System
Philips Healthcare
In the event of a product-security incident, or if you detect malware (malicious software) on the
system, immediately disconnect the system from the network and report the incident to your
Healthcare IT Security department. Alternatively, report the incident by sending e-mail to‑
productsecurity@philips.com.
Security Issues and Guidelines
Control of Security Vulnerabilities on Philips Ultrasound Products
NOTE
Tools for central management of mobile devices are available to help facilitate the guidelines
in this document and to help ease deployment, configuration, and security issues. Consult
your institution's healthcare IT security department.
4535 618 28131_A/795 * NOV 2015
Device Requirements
Philips Ultrasound recommends starting with a device that meets or exceeds the minimum
requirements of the Lumify app, as well as the needs for security within your particular
environment. The next step is to ensure the appropriate level of security controls are
implemented in a manner that meets your local security policies as well as any applicable
regulatory obligations.
Device Hardening
Similar in principle to OS hardening strategies utilized on desktop or laptops, device hardening
involves the identification of all unnecessary functions and applications that are included within
your device and disabling those functions or applications not required for your use. Depending
on the device, this may also include disabling the ability of applications to perform background
functionality that may impact the performance of your device while Lumify is in use. Device
hardening reduces the attack surface of your device by eliminating those services that may
become vulnerable over time.
Encryption
Philips Healthcare
A key security control available on most Android devices is encryption. Encryption helps ensure
that data stored on the system is protected and increases the strength of your access-control
policies by rendering the data unrecoverable.
Lumify Ultrasound System
11
Control of Security Vulnerabilities on Philips Ultrasound Products
Security Issues and Guidelines
Network Security
Any networked ultrasound system must be connected to a secure local area network, one that
provides protection against computer viruses and other harmful code or traffic. Ensure the local
area network uses appropriate protection, such as only using secure wireless technologies,
firewalls, intrusion detection and prevention systems, and vulnerability scanners.
Physical Access Control
Each healthcare facility should limit physical access to the ultrasound systems for the
prevention of accidental, casual, or deliberate contact by unauthorized individuals. The facility
safety or security office can provide more information about what measures are in place.
Unauthorized visual access to protected information can be minimized by positioning the
device to prevent viewing from doorways, hallways, and other traffic areas. Initiate screen
blanking by logging off the system or manually clearing the display before leaving the device
unattended for any amount of time.
User Login and Logout Protections
A password protects saved protected health information (PHI) from unauthorized access, while
meeting safety requirements for the device to be operational as soon as possible.
4535 618 28131_A/795 * NOV 2015
Position of Device
For devices with login capabilities, a consistent user login process, including user names and
passwords, provides good security for protecting information. In all cases, the healthcare
facility must control access to the system.
Protective login and password practices include these:
12
Lumify Ultrasound System
Philips Healthcare
Taking into account the size and portability of tablet devices, implementing a password or
passcode is critical to reduce the potential for exposing personal information if the system is
misplaced or stolen. With some devices, additional controls may be implemented to wipe all
data from the device if the password or passcode is entered incorrectly after a specified
number of times. Those controls help enhance the standard access control model and help
reduce the potential for exposing personal information.
Information-Maintenance Example
Control of Security Vulnerabilities on Philips Ultrasound Products
• Implement strong passwords. This is the easiest and most-effective method to increase
security. Strong passwords consist of at least eight alphanumeric, mixed-case characters
and special characters, for example “@” or “*.” Never use words that can be found in a
dictionary.
• Never post or share user names and passwords.
• Change passwords periodically.
Train system operators to log off of the system immediately after completing their work.
4535 618 28131_A/795 * NOV 2015
Information-Maintenance Example
This example of how to maintain information security uses a zone model of information flow.
Assumptions About the Environment
The ultrasound system relies on the healthcare facility to maintain a secure environment, with
protection mechanisms for network access, encryption, and intrusion detection.
Information Zones
Philips Healthcare
The information-flow model is commonly incorporated into security standards. An easy way to
visualize this model is to diagram a healthcare facility as divided into three zones (see figure),
with each zone having a different priority and level of use for the information. Some facilities
decide not to extend their information to the farthest zone because they cannot guarantee its
protection and integrity.
Lumify Ultrasound System
13
Information-Maintenance Example
4535 618 28131_A/795 * NOV 2015
Control of Security Vulnerabilities on Philips Ultrasound Products
Security Solutions Between Zones
1
Zone 1: The ultrasound department
2
Zone 2: The rest of the healthcare facility
3
Zone 3: The Internet
4
Firewall
5
Firewall with IPSec
Zone 1: The Ultrasound Department
Most image transfer is performed within Zone 1. Backups, copies, and media containing
ultrasound images must be carefully managed by department staff.
Zone 2 includes clinics outside the department that have access to the system and, in some
cases, the Internet. Proper authorization for access and use of audit trails is critically important.
14
Lumify Ultrasound System
Philips Healthcare
Zone 2: The Rest of the Healthcare Facility
Security Protection Software
Control of Security Vulnerabilities on Philips Ultrasound Products
Zone 3: The Internet
Zone 3 is used for connectivity to a HIPAA-compliant cloud-storage provider.
Security Between the Zones
Security between the zones should be managed by standard IT security solutions. Managers
must be aware of the expected level of data traffic to choose a solution that is secure, yet does
not act as a bottleneck in the information flow. Image distribution requires a high-bandwidth
network.
4535 618 28131_A/795 * NOV 2015
Security Within the Zones
The security within the zones should be managed by a combination of standard IT security
solutions and the security functions of the ultrasound system.
Security Protection Software
Lumify app updates are provided through regular releases and the Philips Field Change Order
process.
Antivirus Scanning and Updates
Philips Healthcare
The best protection against viruses is for a healthcare facility to establish an effective networksecurity policy.
Malware is responsible for many of the breaches that are making the headlines today.
Traditional methods of malware protection include Anti-Virus (AV). Philips Ultrasound
recommends choosing a reputable software package capable of meeting your malware
protection needs. Additional steps can be taken to limit the potential for malware on your
systems. This includes ensuring that any additional applications added to your device are from a
reputable source. While applications may include malware, only installing applications
necessary for the functionality of your device will help limit your risk of infection or breach.
Lumify Ultrasound System
15
Control of Security Vulnerabilities on Philips Ultrasound Products
Backups and Archives
Backups and Archives
CAUTION
The chosen export destination and mechanism must be in accordance with your local
healthcare IT security policies.
Backup Procedure
Ultrasound systems are designed to maintain information only as necessary to produce external
documentation for medical records (such as films, traces, and printed records). If additional
backup is necessary, establish an administrative protocol to archive all clinical studies before
deletion.
4535 618 28131_A/795 * NOV 2015
You can export exams and images from the Lumify ultrasound system to a DICOM PACS, to a
network share, or to a local repository. You can also send images by e-mail. Supported e-mail
applications include Gmail, K-9 Mail, Yahoo, Outlook, and Inbox.
Disaster Recovery Plans
Philips Healthcare
It is your responsibility to ensure you have a disaster recovery plan that includes regular and
complete patient data backup. Ultrasound systems are intermittent storage devices; patient
data must be exported from the ultrasound system. For more information on exporting patient
data, see your ultrasound system user information.
16
Lumify Ultrasound System
Philips Healthcare is part of Royal Philips
www.philips.com/healthcare
healthcare@philips.com
Manufacturer’s address
Philips Ultrasound
22100 Bothell-Everett Highway
Bothell, WA 98021-8431
USA
European Union Authorized Representative
Philips Medical Systems Nederland B.V. Veenpluis
4-6
5684 PC Best
The Netherlands
0086
© 2015 Koninklijke Philips N.V.
All rights are reserved. Reproduction or transmission in whole or in part, in any form or by any means, electronic, mechanical or otherwise, is
prohibited without the prior written consent of the copyright owner.
Published in USA
4535 618 28131_A/795 * NOV 2015 - en-US
Source Exif Data:
File Type : PDF File Type Extension : pdf MIME Type : application/pdf PDF Version : 1.7 Linearized : No Create Date : 2015:10:05 18:26:24+01:00 Creator : AH XSL Formatter V6.0 MR2 for Windows (x64) : 6.0.2.5372 (2012/05/16 18:26JST) Modify Date : 2015:10:08 08:50:02-07:00 Has XFA : No Language : EN-US XMP Toolkit : Adobe XMP Core 5.4-c005 78.147326, 2012/08/23-13:03:03 Creator Tool : AH XSL Formatter V6.0 MR2 for Windows (x64) : 6.0.2.5372 (2012/05/16 18:26JST) Metadata Date : 2015:10:08 08:50:02-07:00 Producer : Antenna House PDF Output Library 2.6.0 (Windows (x64)) Trapped : False Format : application/pdf Title : RM-US-0091-01A Document ID : uuid:eb56e241-ff8a-4ba9-b4c2-065c1868cb68 Instance ID : uuid:c5fb472a-d7da-4291-aeef-8e9435ad9649 Page Mode : UseOutlines Page Count : 18EXIF Metadata provided by EXIF.tools