Mobile Carts Must Evolve
Mobile computing carts commonly referred to as COWs (computers on wheels), are the most common form of “mobile” technology in hospitals. Mobile healthcare has come a long way over the past several years which begs the question; what happens to the COWs? Simply put, they evolve or they are passed over for a more convenient form of mobile technology.
In today’s high-speed environment, smartphones and tablets are making data accessible at the point of care. The adoption rate EHR’s has driven much of the demand for a real-time tool to access patient data. Small, easy to handle (and in most cases) touch screen devices make it easy for doctors and nurses to carry the device and update patient information in real-time. Even custom lab coats with special pockets to carry mobile devices are being designed to help with adoption of mobile technology in the health care industry. Todd Jackson the Executive Vice President of sales for Stinger Medical says,
“Clinicians continue to struggle completing real-time documentation. Instead, many complete what I call ‘near-time’ documentation. This is where a nurse or physician enters data into the EHR after the appointment — either in an office or at a mobile cart or fixed workstation in the hall. The reason? Their mobile carts don’t facilitate real-time data entry at the patient bedside. Historically, many mobile cart and fixed-mount solutions weren’t really designed around clinician workflows. This needs to change.”
The benefits of doctors and nurses being more mobile outweigh the negative factor, which can be small a margin of error when using the touch screens some of the mobile devices. While adoption of mobile technically is increasing worldwide, there is still a mentality of “If it’s not broke, don’t fix it” filtering among some health care professionals.
Peloton vulnerable to cyber attacks, McAfee research finds
Peloton, the popular exercise bikes, were found to be vulnerable to cyber attacks in the latest research from McAfee.
Peloton is a brand of electric bikes that combines high end exercise equipment with cutting-edge technology. Its products use wi fi to connect to a large tablet that interfaces with the components of the exercise device, and provides an easy way for physical activity enthusiasts to attend virtual workout classes over the internet several times a week.
Peloton has garnered attention recently around the privacy and security of its products. So McAfee decided to take a look for themselves and purchased a Peloton Bike+.
Researchers looked at the Android devices and uncovered a vulnerability that could allow an attacker with either physical access to the Bike+ or access during any point in the supply chain to gain to hack into the bike’s tablet, including the camera, microphone and personal data.
For the person using it there would be no indication the Bike+ has been tampered with, potentially putting Peloton’s 16.7 million users at risk.
The flaw was found in the Android Verified Boot (AVB) process. McAfee researchers were able to bypass the Android Verified Boot process, which normally verifies all code and data before booting. They were then able to get the device to boot bypassing this step.
This could potentially lead to the Android OS being compromised by an attacker who is physically present. Even worse, the attacker could boot up the Peloton with a modified credential to gain privileges, granting them access to the bike remotely.
As the attacker never has to unlock the device to boot it up, there would be no trace of their access on the device. This type of attack could also happen at any point from construction to warehouse to delivery, by installing a backdoor into the Android tablet without the user ever knowing.
Given the simplicity and criticality of the flaw, McAfee informed Peloton while auditing was ongoing. The vendor was sent full details, and shortly after, Peloton confirmed the issue and released a fix for it.
Further conversations between McAfee and Peloton confirmed that this vulnerability had also been present on the Peloton Tread exercise equipment.
Peloton’s Head of Global Information Security Adrian Stone, commented on the research: “This vulnerability reported by McAfee would require direct, physical access to a Peloton Bike+ or Tread. Like with any connected device in the home, if an attacker is able to gain physical access to it, additional physical controls and safeguards become increasingly important.
"To keep our members safe, we acted quickly and in coordination with McAfee. We pushed a mandatory update in early June and every device with the update installed is protected from this issue.”