SLAAC May Save Your Life


A chance dinner conversation at Wireless Field Day 7 with George Stefanick (@WirelesssGuru) and Stewart Goumans (@WirelessStew) made me think about the implications of IPv6 in healthcare.  IPv6 adoption hasn’t been very widespread, thanks in part to the large number of embedded devices that have basic connectivity.  Basic in this case means “connected with an IPv4 address”.  But that address can lead to some complications if you aren’t careful.

In a hospital environment, the units that handle medicine dosing are connected to the network.  This allows the staff to program them to properly dispense medications to patients.  Given an IP address in a room, staff can ensure that a patient is getting just the right amount of painkillers and not an overdose.  Ensuring a device gets the same IP each time is critical to making this process work.  According to George, he has recommended that the staff stop using DHCP to automatically assign addresses and instead move to static IP configuration to ensure there isn’t a situation where a patient inadvertently receives a fatal megadose of medication, such as when an adult med unit is accidentally used in a pediatric application.

This static policy does lead to network complications.  Units removed from their proper location are rendered unusable because of the wrong IP.  Worse yet, since those units don’t check in with the central system any more, they could conceivably be incorrectly configured.  At best this will generate a support call to the IT staff.  At worst…well, think lawsuit.  Not to mention what happens if there is a major change to gateway information.  That would necessitate massive manual reconfiguration and downtime until those units can be fixed.

Cut Me Some SLAAC

This is where IPv6 comes into play, especially with Stateless Address Auto Configuration (SLAAC).  By using an automatically configured address structure that never changes, this equipment will never go offline.  It will always be checked in on the network.  There will be little chance of the unit dispensing the wrong amount of medication.  The medical unit will have history available via the same IPv6 address.

There are challenges to be sure.  IPv6 support isn’t cheap or easy.  In the medical industry, innovation happens at a snail’s pace.  These devices are just now starting to have mobile connectivity for wireless use.  Asking the manufacturers to add IPv6 into their networking stacks is going to take years of development at best.

Having the equipment attached all the time also brings up issues with moving the unit to the wrong area and potentially creating a fatal situation.  Thankfully, the router advertisements can help there.  If the RA for a given subnet locks the unit into a given prefix, controls can be enacted on the central system to ensure that devices in that prefix range will never be allowed to dispense medication above or below a certain amount.  While this is more of a configuration on the medical unit side, IPv6 provides the predictability needed to ensure those devices can be found and cataloged.  Since a SLAAC addressed device using EUI-64 will always get the same address, you never have to guess which device got a specific address.  You will always know from the last 64 bits which device you are speaking to, no matter the prefix.

Tom’s Take

Healthcare is a very static industry when it comes to innovation.  Medical companies are trying to keep pace with technology advances while at the same time ensuring that devices are safe and do not threaten the patients they are supposed to protect.  IPv6 can give us an extra measure of safety by ensure devices receive the same address every time.  IPv6 also gives the consistency needed to compile proper reporting about the operation of a device and even the capability of finding that device when it is moved to an improper location.  Thanks to SLAAC and IPv6, one day these networking technologies might just save your life.

2 thoughts on “SLAAC May Save Your Life

  1. Just an IP ? Not even a hash verify?
    What about DHCP Static leases… ok well that is not the point … no oneshould not rely on a network address to identify a device … much less a medical device
    Healthcare is a scary place!

  2. I like this blog but SLAAC is a terrible solution for this problem. SLAAC is a dynamic address configuration mechanism. There is no guarantee that a device with get the same address every time, that’s why the Duplicate Address Detection algorithm is still used. There have been cases where the same MAC was duplicated to multiple hardware devices. There’s no mechanism that forces all MAC address to be unique. The list goes on an on.

    Mr. Arechiga is correct. The device should be logged into medical system and should be receiving dosage information for Patient 4908253089 and only 4908253089. It should be able to change its IP address twenty times per hour and still get the same information from the medical software.

    If there *is* a software company out there that is sending dosage information to a particular IP address (as this article would seem to suggest) one good solution would be for the company to be sued into oblivion by a malpractice lawsuit. The owners liquidate the software company, the software is dumped from all hospitals and all the employees are absorbed into other parts of the economy.

    Also, I’ve worked for acute care hospitals for 10+ years. I don’t think this app (receiving dosage information from a server) exists. I’ve seen machines that deliver a dosage to a patient at the direction of a nurse. It can then report what has happened to a central server for documentation. That’s a very different thing than the server telling the medical device to dispense X amount of morphine. Ooops. Sorry. You’re an 8-yr old that weighs 38 pounds, not a 40-year old who weighs 180 pounds. Sorry, your dead. No, I don’t think anyone has made such a device.

    I think you got some bad information on which to base your blog.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s