Medical Device Attacks: A New Threat to Patient Safety
shared by anthonycasimano112 on Aug 24
4
views
0
faves
0
comments
Meta: Medical device attacks can be a nightmare. Learn here what it means, what are the types, and the potential solutions.
In May 2017, a Forbes article revealed how a ransomware infected 48 UK h...
ospital systems and some US medical facilities. The news of medical device attack spread like a fire. This essentially pointed out security loopholes in our systems.
Can a hacker remotely make your insulin pump go haywire? Does it make sense when your pacemaker suddenly starts sending abnormal signals? Well, it may look like a scene from your favorite sci-fi movie. But these things do not seem too far from happening. In fact, the emerging threat of medical device attack is something many should worry about.
What Is Medical Device Attack?
Also called medical device hijack (MEDJACK), it is a type of cyberattack where the hackers target medical devices by intruding into their operating systems. Though a relatively new form of cyberattack, it has gained considerable attention in the last few years. With the increasing use of embedded devices that lack proper security measures, such attacks present a big threat to patient data integrity and patient safety.
The motive of the hackers behind medical device attacks might be different. For example, some are concerned with patient data theft while some are more interested in earning some bucks through the attack. For example, a ransomware asks money for not revealing the confidential patient information. In the worst case, it could be a terrorist attack or state-sponsored spying on some politically influential persons. Whatever the motive might be, hacks endanger patient safety in every case.
Any medical device is potentially vulnerable to medical device attack. Be it an MRI system, a CT scan machine or an X-ray machine. More serious concerns arise when the hackers attack EMR/EHR systems.
Types of Medical Device Attack: Know the Basics
There is no standard classification system that categorizes medical device attacks. Nonetheless, researchers have outlined five types depending on the outcomes of the attack. They are:
● Destroy attacks. The hackers make an attempt to physically destroy a device or its components.
● Disturb attacks. They impair or alter the functionality of a device.
● Reprogram attacks. Making changes in how a program functions. Indeed, these are a subset of the disturb attack.
● Denials of service (DoS) attacks. These attacks refer to a situation where you cannot get the service from your device as a result of the malfunctions in its software.
● Eavesdrop attacks. These are basically spying on your communication in matters related to health.
Why Medical Device Attack is Becoming Common
First, the widespread use of connected devices offers hackers a playground for their misdoings. It’s quite natural that a greater number of devices are associated with an increased risk.
As a matter of fact, every machine carries a certain degree of risk. But there are more reasons for the attack than the number of the machines. Here are some more things that might play a contributory role.
Experts believe it’s the security loopholes that provide a breeding space for such attacks. Many computers in the hospital are still running on some old versions of a Windows operating system. Moreover, the hospitals do not express much interest in spending enough to train their staffs.
Another security expert points out a different reason for the increasing events of medical device attack. He says the mismatch between the lifetimes of the software and hardware is fueling the events. Meaning, normally, the software has a shorter lifetime than a medical device.
For example, if a medical device works correctly for 30 years, the software inside it serves no more than 10 years. Moreover, the software also needs regular updates. What actually happens in the real world is the machine is left to work even though the software has expired.
Understanding the Role of FDA
In the US, the FDA regulates medical devices. The manufacturers are allowed to market their products only after they are able to show clear benefits over the risks. It urges the manufacturers to keep a close eye on their products in the matters related to cybersecurity. Similarly, the hospitals and health care facilities are required to closely monitor the performance of the devices in their institution.
Unfortunately, these efforts are apparently failing to prevent the attacks. We cannot expect a better situation until both the parties get serious about the hazards of the attack.
What Might Be the Solutions?
Owing to the complex nature of the problem, an exact security framework may not be possible, at least for now. However, practicing some essentials of cybersecurity will go a long way in minimizing the risk. The following list consists of the potential remedial or preventive actions.
● A well-defined reporting and feedback system in the health care facility.
● Identification of potential risks and evaluation of the risk management factors.
● A more stringent FDA regulation for the manufacturers and hospitals.
● Development and implementation of the industry standards among the device manufacturers. For example, ISO/IEC 27032:2012, IEC 62304:2006, IEC/TR 80002–3:2014 and others.
● Proper training and instructions for health care professionals and patients.
Want To Know More?
To learn more about medical device attacks and the measures to reduce its risk, visit www.FindaTopDoc.com. Also, gain unlimited access to a myriad of other benefits. Readers can find evidence-based health information with just a click. Driven by the aim to provide authentic information about diseases, drugs, supplements, medical procedures, and lifestyle tips to all its visitors, FindaTopDoc.com and CEO Anthony Casimano allow visitors to read about the best doctors locally. Readers can choose the doctor that best meets their unique health needs, and request to schedule an appointment instantly.
Source
http://www.f...ewapp.com/Category
HealthGet a Quote
You may also like...
