The healthcare industry is teaming up with electronic medical devices. And many of them are connected to the local area network in a medical facility, making them IoT (Internet-of-Things) devices.
These IoT medical devices offer many benefits, including the ability to capture patient data and upload it to an electronic medical record automatically. But, these benefits come with a downside. Anything connected to a network can be reached by a hacker, which means it can be hacked. And unfortunately, even today, many of these IoT medical devices are extremely vulnerable to attack.
Why Medical Devices are so Vulnerable
The reasons many IoT medical devices are still so vulnerable are threefold. The first is market pressure. While it’s true that many years ago, first-generation IoT medical devices could not include sufficient resources for strong cybersecurity, that’s no longer the case. Compute power and storage are now extremely small and affordable, as evidenced by the power of mobile phones. And yet, little of this technology has made its way into these devices. Why not?
The market pressure to keep the cost of these devices down and get them to market quickly has limited manufacturers’ investment in this area. So, while these devices could be more secure, many are not.
The second reason these devices are so vulnerable is the network they’re connected to. Systems are only as strong as their weakest link, and in many cases, the networks these IoT devices are connected to have not to be hardened against attack. In the worst situations, they are connected to the same hospital WiFi that guests use, where the password is made publically available.
And third, no one is really worried about devices like pacemakers and insulin pumps getting hacked. From AAMC, “When it comes to cybersecurity vulnerabilities in health care, implantable medical devices represent a relatively minor target for malicious hackers, most experts say.”
What Should be Done
Hopefully, it won’t take a major incident to change things in the industry. Medical devices need to start being secured right from the moment they are designed.
Medical devices are all part of a larger ecosystem which includes hardware, software, the network, and the patient. All of these must be taken into account when securing medical devices. And what’s the best way to do that? Threat modeling.
Threat modeling is essential for securing medical devices during the design stage because it takes a holistic approach to security. In other words, it considers everything