Thanks to a wireless evolution and the development of medical devices, as more of them are connected to advanced software the need for cyber security has grown as well. These attacks can be incredibly dangerous, considering medical records and data can be stolen, rendering entire computer networks in a hospital useless.
The WannaCry ransomware attack that also impacted the British health service caused emergency patients to be moved into different locations. This aggression exposed weaknesses in their system and raised the question of how seriously do companies and countries need to take medical device security.
According to The Guardian, British PM Theresa May said the attack wasn’t targeted at the National Health Service but instead was an “international attack and a number of countries and organizations have been affected.”
The attack revealed the damage that could be done to a crippled system following a hack and has put an industry on the spotlight as agencies race to make sure medical devices and tech don’t end becoming the targets of more attacks.
Medical device security: an overview
The US Food and Drug Administration (FDA) states that medical equipment can be susceptible to security attacks that can remove the safety and effectiveness of the apparatus. The agency works to support other federal agencies such as the Department of Homeland Security in the case of any kind of attack.
According to a report from Deloitte, medical devices have gotten more sophisticated, with network capabilities and complicated software. This has opened the door to sophisticated hacking tactics, which the medical world hasn’t dealt with directly before.
“Information technology, compliance, and risk executives in healthcare organizations will need to be able to anticipate and address present and future medical device security risks to safeguard patient safety and protected health information,” the report states.
Over the new decade, the issue of cybersecurity with medical technology has taken an exponential leap, thanks in part of the crucial advancements of the devices. According to Communications of the ACM, the challenges of medical device security include regular failures, radio attacks, malware and vulnerability exploits.
The outlet detailed “the majority of the work in security and privacy has been centered on threats to the telemetry interface.”
Five specific areas are shown in the report for wireless telemetry including biometric authentication, distance-bounding authentication, out-of-band authentication, external devices, and anomaly detection.
With an increase from wireless technology and connected devices, the FDA finds itself in a place where it has to evaluate the threat level from attacks, not just targeting one device. Instead, for example, a whole network of computers at a hospital.
The American agency recommends for manufacturers of common devices to be aware of the risk involved with their product and take the proper precautions in order to prevent any type of hacking. This can be in the way of an update to their device, which isn’t typically reviewed before release for products already approved by the FDA.
Medical device security: steps to fighting attacks
Communications of the ACM report on security with medical devices explained the industry must approach this issue with the guidelines put forth by the FDA by subscribing to these principles: Identity, Protect, Detect, Respond and Recover.
A number of recommendations on the issue is for the organizations to take it seriously and be on the lookout for their potential customers and patients. All of this to prevent what IoT For All called the nightmare scenario: death by hacking.
The report noted, “cybersecurity makes up only 4 percent of [75 percent of providers] overall IT budget, device manufacturers are embedding safeguards to mitigates the effects of device hacks.”
A 2017 study found over half of manufacturers and healthcare organizations are expecting attacks to their devices within the year.
“According to the findings of the research, attacks on devices are likely and can put patients at risk,” Dr. Larry Ponemon was quoted as saying. “Consequently, it is urgent that the medical device industry makes the security of its devices a high priority.”
In 2016, INN reported how Johnson & Johnson (NYSE:JNJ) disclosed the vulnerability of their Animas OneTouch Pink Insulin pump, which was susceptible to hacking.
“Johnson & Johnson sent a letter to 114,000 users in North America explaining the security issue and how it could be resolved. The company recommends discontinuing use of the wireless remote or setting a maximum dose limit on the device itself.”
Moving ahead, as attacks on medical devices continues to grow, so will the number of cybersecurity jobs. As noted by Cybersecurity Ventures, roughly 3.5 million jobs in the cybersecurity market will be available by 2021 due to the rising cost of cybercrime attacks.
Even now, a medical device start up is jumping in on preventing medical device attacks. According to Siliconrepublic, newcomer Nova Leah is expected to create 78 jobs with a specific focus on medical devices.
“The recent WannaCry ransomware attack on the UK’s NHS highlights the importance of cybersecurity in the health sector,” Anita Finnegan, Nova Leah founder and CEO stated in the article.
Medical device security: investor takeaway
Symantec (NASDAQ:SYMC) released a report indicating the IT security budget for medical cyber security is set to grow to $101 billion by 2018. The company detailed stolen electronic health records can sell for $50 per chart on the black market, according to a 2014 report from the FBI. That same federal report revealed the projected increase in attacks as records made the full transition from paper to electronic.
Don’t forget to follow @INN_LifeScience for real-time updates!
This is an update to an article originally published in 2017.
Securities Disclosure: I, Bryan Mc Govern, hold no direct investment interest in any company mentioned in this article.