There are myriad benefits to medical device connectivity: data collection for patient and product monitoring, centralised monitoring of use, tele-health applications, and delivery of safety updates. However, without adequate controls, connectivity opens devices up to misuse and hacking. This blog outlines the key risks that connectivity can introduce to a product.
The biggest inherent risk to an electronic medical device is the exposure and subsequent theft of data. Stolen personal medical data can be used for identity theft and for blackmailing organisations. Aside from the obvious potential for patient distress, this poses serious risk of reputational and financial damage to the manufacturers of the medical devices and to the organisations holding the data.
Within the medical device and diagnostic sector, these vulnerabilities are mostly exploited through large-scale attacks aimed at the connected servers, rather than attacks targeted on a device-by-device basis. This is likely due to the economies of scale gained from breaching a server rather than the more time-consuming task of interacting with each device to gain data.
However, many products do not encrypt patient data prior to network communications, or fail to authenticate the network itself. This makes them vulnerable to attacks where imposters can detect any unencrypted data and use it to build up patient profiles from patient IDs and other sensitive health information. Such data could then be linked to data gathered through a server breach.
Unauthorised control of devices can arise from a lack of robustness in user accounts and password settings, or, in extreme cases, attacks where hackers pretend to be your server and therefore gain access to the device. Connecting medical devices to hospital networks – for example, to allow for remote maintenance monitoring – can expose data to hackers. Recent examples, such as anaesthetic machines and infusion pumps, show that network connection can allow control to be taken over for malicious purposes – potentially turning off alarms or changing doses of medications.
A particular risk group is medical implants with short-range radio connections that allow monitoring and settings adjustment. Some of these radio connections have been shown to be vulnerable, allowing nearby attackers to modify or intercept data transfers and inject data into the device.
In the worst case, devices such as pacemakers could be hijacked to deliver an unnecessary shock to the patient, causing harm. Although no attacks of this nature have been reported to date, a software update recall was announced for one brand of wireless pacemaker in 2017 by the FDA.
A cruder, but potentially devastating, attack technique is to completely switch off a medical function or service. This type of attack could directly impact patient treatment, or be used as an act of criminal blackmail to elicit payment. This is exemplified by a 2017 attack in which MRI systems in a US radiology department were infected with ransomware.
There are also warnings that Distributed Denial of Service (DDoS) attacks are a growing concern, and that medical device networks are at risk of being targeted. In such attacks, a hacker overwhelms a network by sending it a large number of requests, thereby preventing legitimate use.
Despite the evident risks, these threats are not an inevitable cost of connecting medical products; there are many design choices and mitigating steps that can be taken to improve resilience to cyber-attacks. I will discuss this in my next cybersecurity blog.
Does your medical device contain cybersecurity ticking time-bombs?