Digital Security Experts Warn of Medical Device Hacking
A growing number of digital security experts are sounding the alarm about medical device hacking. After years of movies and sci-fi novels covering the threat, the risk today is all too real – and potentially lethal – according to “ethical hackers.”
The prospect of a potentially fatal hack involving medical equipment was one of the many threats discussed at Def Con, an annual conference focused on cyber security. Representatives of the healthcare sector were in attendance, as the industry starts to wake up to the threat of digital attacks. This was also the first year that the FDA offered a presentation on the subject at the conference.
Across many talks at Def Con, analysts pointed to the various ways that hackers could impact equipment and software. While the threats are similar to other sectors in a technical sense, the stakes are obviously a lot higher when lives are on the line.
In the wake of the Wannacry virus that attacked Britain’s National Health Service earlier this year and the Petya ransomware that rocked Merck just a month later, the pharmaceutical sector and medical device manufacturers are on high alert and looking for extra guidance.
Against this backdrop, addressing medical device hacking is a priority. Prevention starts at home, which means manufacturers need to up their game in terms of preparing for attacks and reacting to vulnerabilities.
Although cyber security experts have worked with the FDA to provide a list of specific medical device vulnerabilities as far back as 2013, the general sentiment is that manufacturers and medical facilities are still lagging behind. The dynamic nature of the hacking world makes it all the more challenging to keep pace with potential attackers, let alone get a step ahead of them.
The medical device market in 2017 is worth around $400 billion. It is expanding every year and the technology has become the heart of many common health care procedures. With people living longer, this trend shows no signs of slowing down.
Experts point to several precautions that health care providers and manufacturers can take to mitigate the risk of medical device hacking. These include:
- Evaluate the digital security of multiple devices at the procurement stage. Establish guidelines and minimum standards for devices and software purchased.
- Create guidance for all device users, especially those who maintain the equipment and software. Identify and remove workarounds and unapproved practices that could lead to an opening for hackers.
- Educate all team members on the basics of digital security to develop good habits and best practice.
- Review bring-your-own-device (BYOD) policies to ensure a standard level of protection across all systems. Remove any gaps that could lead to a vulnerability.
- Keep up to date with medical device recalls and cyber security threats.
Given the limited resources of some care providers and a wide range of regulatory burdens, the onus is on manufacturers to lead the charge against medical device hacking. Digital security may have been an afterthought for these companies in the past, but recent events and the potential for a catastrophic outcome mean that it needs to be bumped to the top of the list.
New York State Sues Johnson & Johnson For Alleged Opioid Epidemic
Raise Awareness of North Carolina Street Racing