Regulators and medical device manufacturers are expecting a wave of attacks targeting medical devices, and the Food and Drug Administration (FDA) is worried.
This expected frenzy of attacks on the healthcare sector is nothing new: with outdated security infrastructure and copious amounts of personal information, it is the perfect target for hackers.
Ilia Kolochenko, CEO of Web Security Company, concerned with security and healthcare, agrees and notes that “the problem is aggravated by the very low level of cybersecurity at hospitals in general – lack of segregation and access rights, missing security patches and updates, missing or weak encryption, insecure authentication, default or weak passwords – are just a few examples.”
“Connected medical devices should be strictly and severely regulated by governments, and their manufacturers should bear the liability for any negligence or carelessness during the manufacturing process – otherwise medicine will become an extremely dangerous activity within the next decade.”
To date, hundreds of millions of electronic health records have been exposed, and that number is on the increase.
Indeed, more than 113 million personal health records were compromised in 2015, according to provider data reported to the Department of Health and Human Services (HHS), nine times as many as in 2014.
“In just the last few years…we’ve seen more than a hundred million health records of American citizens breached in a couple of well-publicised incidents,” Terry Rice, vice president of IT risk management and chief information security officer at Merck & Company, told the Energy and Commerce Oversight and Investigations Subcommittee last week.
This extensive vulnerability has extended and will continue to extend to wearable medical devices as they begin to enter the mainstream.
As an example, according to a report, Johnson & Johnson told its customers last year that its insulin pumps had a wireless security vulnerability that hackers could use to access the device and cause a potentially fatal overdose of insulin.
“Vulnerabilities in pacemakers and insulin pumps can be exploited to cause potentially lethal attacks and we have witnessed entire hospitals in the U.S. and U.K. shutting down for multiple days to combat ransomware infections in critical systems,” continued Rice.
To date, however, it should be noted that there have been no known cases of patients coming to harm from hacked medical devices. But the ability to do so remains.
As a result, the FDA is rallying agencies in an effort to protect these devices.
“This is what we said to manufacturers; one should consider the environment a hostile environment, there are constant attempts at intrusion … and they have to be hardened,” said Suzanne Schwartz, associate
The medical device industry is starting to take note of this vulnerability and has gone from a general understanding over the last two years to placing cyber security at the heart of its product development.