Software for Medical Devices Cyber Security
The world of healthcare has benefitted greatly from enhanced connectivity as a by-product of the digital age. However, this benefit has also exposed medical devices and their software to cyber attacks. Malicious digital interference can be significantly detrimental to patient safety. Cyber security initiatives require attention from various areas, for example systemic and technical perspectives. [2] Security researchers have recently been uncovering hazardous flaws in medical devices, helping to raise awareness of the various methods which may be used. [1]
Surprisingly, it is felt that spending on medical device security is still not high enough. ABI Research forecasts that healthcare provider spending on cyber security for healthcare will reach $5.5 billion in 2016. However, only $0.3 billion is due to be channelled into medical device security. [5] Growing awareness of this new hostile arena will push spending in this area forward. The intelligence firm states that millions of connected medical devices bring fresh threat vectors into the healthcare IT landscape. These could have damaging impacts on effective care delivery and patient safety if left unmonitored.
Recent guidance published by the FDA has reinforced the responsibilities expected of medical device software manufacturers with regard to the cyber security of their products. The guidance covers disclosing vulnerabilities and implementing remediation programs to monitor and fix any security issues. Proactive planning and risk controls stand as key requirements for new products and for those currently on the market. [1]
Ahead of the 2017 Software for Medical Devices conference, Pharma IQ brings you this whitepaper looking at what you need to know about software cyber security for medical devices.
How Cyber Attacks on Med Devices happen:
The flow of information with medical devices is now more sophisticated. They connect with remote devices and networks and so can no longer be deemed standalone devices. Implanted devices such as pacemakers and insulin pumps can be altered remotely. This openness creates vulnerabilities. Security measures must account for the flow of communication, as attacks can occur through physical contact with the device or remotely. [2]
Digital attacks can even be unintentional, for example an infection obtained via a corrupted USB stick inserted by an administrator. [2]
Attacker Motives: These can range from financial reward through organised crime, to making political statements, or even state-sponsored targeting.
Detriment caused: Security weaknesses in medical devices expose the data held and, in some instances, the control of the device itself. If the configuration is not adequate or data has been corrupted, patient safety is at risk from attackers influencing clinical decisions or even operating the device. Attacks can be coordinated to block access to information, disabling critical alerts or the transmission of clinical information via malware and other hacking software. Aside from patient safety risks, other areas of potential harm include noncompliance, litigation and financial penalties.
Modes: Web servers can be an infiltration point when they provide an interface to control devices. Other targets for attack include database servers. Software can be compromised through these channels using viruses, trojans and other malicious software. According to Patricia AH Williams and Andrew J Woodward in Cybersecurity vulnerabilities in medical devices, there are tools online which can assess web interfaces and pinpoint software vulnerabilities that should be targeted. Multiple live medical devices are known to have fallen victim to cyber attacks because their software has gone through inadequate vulnerability testing.
Vulnerabilities: Security holes can be created by outdated operating systems and/or software, and also by incompatibilities between systems. Inadequate software updates and patches can be key culprits. The finite power available to medical devices complicates encryption, as encryption processes can cause medical devices to lag and drain battery life.
- Cyber Attack Fact File
- Cyber Security Standards
- Cyber Defence Strategies
Download the whitepaper to continue reading.