Hospital Administrator And User Accounts; About Accounts - Profound Sonalleve MR-HIFU Instructions For Use Manual

10. Appendices > 10.7. Hospital administrator and user accounts
Multi-factor authentication for all users is not supported. Control authentication by controlling
physical access to the system. Ensure that only authorized personnel have access to the system.
Some parts of the systems are located in the technical area of a system. Access to these locations
is assumed to be restricted. Usually, the components in the operator or examination room are more
readily accessible and therefore the following characteristics shall be taken into account for system
operation and access control:
The computer case is 'service friendly'; opening and removal of, for example, hard disk may be
possible without use of tools; computer case can be locked (for example, by cable lock); there
are no front side accessible drives, and so on.
The boot order for the system is Hard Disk, USB, DVD. By inserting a bootable CD/DVD or
connecting a bootable USB memory device, the system could be started up from those and thus
access may be gained to the system including information stored in it.
There is no detection of unauthorized physical access into the system e.g. via tamper proof
seals.
The integrity of most of the Profound Medical application software is checked when the systems
starts. Data integrity is not checked on startup.
The system BIOS is not password protected and can be accessed during the startup of the
system if unauthorized access to the system is possible.
Access to the DVD drive and the rear panel USB ports requires administrative privileges. The
front panel USB ports are disabled for cybersecurity reasons.
Security and node authentication
The Sonalleve MR-HIFU system only exchanges clinical data with the (internal) MR system, not
with other external nodes. Therefore, no node authentication mechanism has been implemented.
Security event reporting
The system does not implement automated reporting of security events.

10.7. Hospital administrator and user accounts

10.7.1. About accounts

The default user account "HIFU User" can be used by different system operators, but does not
provide a personified logging of the actions done by each operator. Personified user accounts
providing the logging of the actions done by each individual user may be required by legislation: for
example HIPAA. Each of these individual users has the same permissions and rights as the default
system user, unless the administrator assigns different rights to the user account. It is possible to
define that certain user accounts are power users. Power users have these additional rights:
Instructions for Use
109745C2 / 02-2022
170 (192)