SECURITY CONCERNS WITH SMART MEDICAL DEVICES

by Thomas Riley on Aug 29, 2018
Promoted Content

+ more

Share this post
The world has embraced connected devices. They’ve become a technology that people rely on, both personally and professionally. This is reflected in the medical field, where connected device usage is steadily increasing. A report by Statista claims over 161 million medical connected devices will be installed by 2020. The demand for these Internet of Things (IoT) devices is obvious.
However, there is an opportunity for these devices to be a security risk. In fact, it’s making a new approach to security necessary.

Security Risk

The crux of the risk is that connected medical devices are no longer stand-alone, they are part of a network with multitudes of other devices. For example, some types of infusion pumps communicate with electronic health record (EMR) systems or priority monitoring systems. This communication often includes personal health information (PHI). This communication must be safeguarded to maintain patient confidentiality and safety.
Without proper security, connected medical devices can be easily breached. A malicious actor (aka ‘hacker’) looking to infiltrate a network often only needs one weak device to be successful. McAfee Labs’ Threat Report reveals a 210% increase in disclosed security incidents related to healthcare. This surge indicates that hackers are finding programs on the network that are vulnerable.
Many of these vulnerabilities involve leveraging attack techniques such as phishing, ransomware or denial of service. However devices are often also vulnerable to more targeted attacks such as “replay attacks where communication is intercepted that is designated for the device. The communication can then be replayed to the device to cause it to repeat the action the communication originally intended to do. The FDA confirmed that connected pacemakers and defibrillators can be exploited. Leveraging these exploits a malicious actor could drain batteries or trigger shocks to the patient.

Steps to Improve Connected Device Security

To realize the advantages of connected devices, resolve concerns about security by employing these essential best practices:
  • Building security into the design process. Consider security concerns early in development to ensure the final product does not need to compromise on security.
  • Evaluate security risk. No two devices risk profiles are the same. Thus no two devices have the same security risks. Security risk need to be evaluated to ensure a device is safe as possible.
  • Utilize standard industry practices. Techniques exist for encryption, authorization and authentication. Utilizing the existing practices employs the magnitude of effort already invested into solving difficult security challenges.
  • Test the security of the device. Often devices have vulnerabilities that are not the result of bad design but is merely a mistake that can be easily resolved. Testing ensures that misconfiguration or software anomalies do not lead to vulnerabilities in the field.
  • Understand the security life cycles once a device is in the wild. Plan on how to respond and address security vulnerabilities when they occur in the field.
  • Emphasize the encryption of all sensitive data, especially Protected Health Information (PHI).  This is critical in ensuring privacy and control over data.
  • Institute more security measures after the initial configuration by the manufacturer. You should be able to update and adjust security settings throughout the life of the product.
Such a bright future for connected medical devices shouldn’t be compromised by lax security.
Learn more about Sunrise Labs and cyber security for medical devices.

 

Read more at sunriselabs.com

Follow us on social media for the latest updates in B2B!

Latest

BioTech Startups Want to Revive Failed Medicines to Create New Lifesaving Treatments
Behind the Clinical Trials for Non-Alcohol Fatty Liver Disease that Can Benefit 30% of Americans
July 1, 2022
  The Impact Research Institute (IRI) is Waco, Texas’ resource for extending care options for NAFLD (non-alcohol fatty liver disease.) Nadege Gunn is IRI’s Medical Director and President. She Read more
FABTECH Show Kickoff and Overview of Solutions Distributed by DeGeest
June 30, 2022
This is another episode of Manufacturing A Stronger Standard live from FABTECH 2021. Host and President of LestaUSA and DeGeest Corp., Derek DeGeest, talked with Brad Ruppert, Engineering Manager, and Read more
Improving Quality and Bottomline for Finishing Operations
June 30, 2022
This is another episode of Manufacturing A Stronger Standard from FABTECH 2021. Host and President of Lesta USA and Degeest Corp., Derek Degeest, talked with Bill Robinson, President and Kris Bonnegent, Regional Read more
Related
BioTech Startups Want to Revive Failed Medicines to Create New Lifesaving Treatments
Software & Technology
Behind the Clinical Trials for Non-Alcohol Fatty Liver Disease that Can Benefit 30% of Americans
July 1, 2022
Healthcare
How to Be Your Own Healthcare Advocate
June 30, 2022
While healthcare in the United States is often the topic of a heated political debate, there is one subject within it that irks patients and healthcare practitioners alike: time. One of the biggest problems with Read more
Healthcare
Do You Know Where Your Instruments Are? How Surgical Instrument Marking Can Improve Your Perioperative feat. Bill Camargo and Jennifer Bingaman
June 28, 2022
Ahead of any surgical procedure or operation is the preparation of surgical instruments. In the latest episode of the podcast “ConCensis,” host Tyler Kern discussed the ins and outs of how Censis utilizes its Read more