The U.S. Department of Homeland Security is currently investigating a number of cases of suspected cybersecurity flaws in medical devices and hospital equipment. As Reuter’s reports, products under the spotlight include infusion pumps and implantable heart devices.
“The agency is concerned that malicious actors may try to gain control of the devices remotely and create problems, such as instructing an infusion pump to overdose a patient with drugs, or forcing a heart implant to deliver a deadly jolt of electricity,“ writes Jim Finkle of Reuters.
“According to [a] senior DHS official, the agency started examining healthcare equipment about two years ago, when cybersecurity researchers were becoming more interested in medical devices that increasingly contained computer chips, software, wireless technology and Internet connectivity, making them more susceptible to hacking.”
Lessley Stoltenberg, the chief information security officer at the
University of Texas MD Anderson Cancer Center, told Reuters the institution will soon need to test all medical devices to ensure they meet security standards before they can be put on the hospital’s network.
“I’m pretty concerned,” said Stoltenberg. “Coming out of the block, medical devices don’t really have security built into them.”
Pankaj Rohatgi, technical director of hardware security solutions at the Rambus Cryptography Research Division, noted that the ongoing DHS investigation examining potential vulnerabilities in medical devices and hospital equipment illustrates just how quickly security requirements for the health care ecosystem are evolving.
“Dedicated medical devices that were previously not network-connected such as infusion pumps and implantable heart devices are now coming online en masse. Some of these devices are equipped with standard electronic components that expose unsecured software functionality,” Rohatgi told Rambus Press.
“As we are seeing, a software-centric security approach for medical devices inevitably requires frequent updates due to unforeseen vulnerabilities. To avoid potentially dangerous scenarios, medical companies should strive to make building strong hardware-based security a primary design goal, rather than depending on patches after a device has already hit the market.”
Interested in learning more about the advantages of hardware-based security? You can check out some of our previous blog posts on the topic, including “Cyber attacks to target connected vehicles,” “Rambus secures smartphones and tablets,” and “Protecting FPGAs from side-channel attacks.”
Leave a Reply