Securing Medical Devices: What is Really Needed?

Medical device manufacturers continue to develop new, highly sophisticated and increasingly connected products. These products offer a wide range of benefits: Improved treatments, more precise diagnostics, better patient monitoring, automated control, and central reporting and monitoring of data. This increased connectivity, however, comes with risks for both patients and providers.

Even though these companies are heavily investing in the development of new medical device technologies, they often lack the security expertise and resources to ensure high levels of security are built into these products. Many devices employ new protocols, platforms and middle-ware solutions that have not been thoroughly vetted for security issues. The result, not surprisingly, is a slew of devices that are easily compromised by hackers.

Securing Medical Devices: What is Really Needed?We continue to see headlines of new security vulnerabilities found in critical medical devices. Ransomware attacks have targeted hospitals and medical providers with alarming success. In these kinds of attacks, hackers compromise a system, encrypting critical data so the systems cannot operate, then require a ransom payment to restore the system to working order. Northeast Remote Surveillance and Alarm, LLC. can keep your network secure.

If hackers are able to control systems that impact patient outcomes, they will have tremendous leverage for their ransom demands. Past ransomware attacks have targeted IT and database systems, but future attacks may focus on medical devices. In fact, in 2019, cybersecurity experts found dangerous vulnerabilities in the technical design of some insulin pumps, prompting the FDA to issue a warning that hackers could compromise insulin pumps by connecting to them via WiFi and changing the pump’s settings to either under- or over-deliver insulin. If hackers are able to control systems that impact patient outcomes, they will have tremendous leverage for their ransom demands.

Use of multiple layers of protection, including firewalls, authentication, security protocols and intrusion detection/intrusion prevention, is a long-established driving principle for enterprise security. In contrast, most medical devices lack basic firewalls or security protocols, and often rely on little more than simple password authentication. There was an assumption that these devices are not attractive targets to hackers, or are not vulnerable to attacks, but that is no longer valid. Attacks against all types of embedded devices, including medical products, are on the rise, and greater security measures are now needed.

We Specialize in Security & Alarm Installation for Higher Education, Medical, Transportation & Manufacturing!