How Can Medical Device Manufacturers Ensure Cyber Safe Products?
Healthcare delivery is constantly being transformed by evolving technologies. These advancements bring obvious benefits in improved quality and efficiency, but they also have an indisputable downside: the mounting cybersecurity risk associated with the use of connected devices in the medical device industry.
This begs the question: How can manufacturers of such devices ensure the security of the devices they create?
Medical Device Risks
Researchers from security software company McAfee investigated this risk. Their research imitated a clinical environment using a bedside monitor (which tracks heartbeat data), a central monitoring system and an electrocardiogram simulator. They found that, by interfering with the communication between the bedside monitor and the central monitoring system, they could send false data and falsify the heartbeat reading from 80 beats a second to 0. Central monitoring systems are used by physicians to observe the data of multiple patients, so this research highlights a serious risk, given how much medical professionals rely on heart rate observation to make informed decisions.
Similar vulnerabilities were also found in insulin pumps in research presented at the Black Hat information security conference. Researchers managed to remotely disable an insulin pump and prevent it from delivering the hormone, which would have grave consequences for the user.
In addition to highlighting the weaknesses in insulin pumps, the researchers also demonstrated how they could take control of a pacemaker, which again would have life-threatening consequences for the user. Research of this nature exposes how vulnerable our connected devices truly are. As we enter an increasingly digital landscape, the demand for manufacturers to ensure the security of their devices grows.
Hackers aren’t the only cybersecurity risk which our healthcare systems face. Last year the NHS suffered a data breach due to a coding error, which resulted in the confidential data of 150,000 patients being shared without their permission. Breaches like this demonstrate the vulnerabilities that exist in our digital systems and the damaging effects of a simple coding error. Doubts are continuously cast over the reliability of using technology in healthcare; this will be the case until manufacturers and governing bodies can work together to ensure the security of these technologies.
Healthcare companies are working hard to ensure the security of their devices by implementing internal guidelines. For example, Philips Healthcare, who manufacture a range of medical devices, have implemented a four-stage approach for ensuring the cybersecurity of their products. The stages involve undertaking appropriate risk assessments, enhancing product development, undergoing consistent product security training, and implementing effective incident response systems.
These four stages are designed to rigorously check their products for any vulnerabilities before they are released, in order to curb the cyber security threats that they face.
Many organisations have an action plan to tackle cyber threats, although it remains to be seen if such plans are successful. Regardless, companies in the healthcare and medical device sector face a huge challenge in keeping their devices and records secure, especially with the constantly evolving digital landscape.
Procorre have conducted many successful projects relating to medical device organisations and can swiftly utilise our pool of cyber security experts to implement solutions. To learn more about how you can benefit from our cyber security services when getting your devices out to market, contact our team today.
A blog by the Procorre Cyber Team