At Risk: Medical Device Cybersecurity Vulnerabilities Expose Patients to Life-threatening Consequences
Penetration testing offers two important benefits — security and regulatory compliance. Rising cybercrime, such as the Equifax breach, has affected millions of Americans who now insist on knowing that companies will keep their data secure. And government regulators are happy to help them do it by penalizing companies that do not comply with federal guidelines.
Last month, the FDA issued a warning about software vulnerabilities on multiple medical devices, including infusion pumps, anesthesia machines, and imaging systems. These vulnerabilities allow threat actors to trigger information leaks, gain access to hospital networks and, most worryingly, remotely control the devices themselves.
When people talk about medical device security, the conversation often turns to data security and HIPAA. There’s plenty to be said about protecting patient privacy, but patient safety is a greater concern.
The Internet of Medical Things (IoMT) is one of the most revolutionary developments in healthcare today. It empowers physicians to monitor patients remotely by providing the patient with network-enabled devices. These devices can track a wide variety of processes, from medication compliance to blood glucose level. Recalls of IoMT devices include pacemakers, infant heart rate monitors, insulin delivery systems, drug infusion pumps, and more. The time is now to focus on IoMT cybersecurity.
Hacking humans with nanotechnology may sound like a concept from a futuristic science fiction novel or movie, but the truth is, it’s not that far off and it could be the next big cyberthreat. If you thought data breaches involving your social security number or credit card information were scary, imagine the ramifications of nanotechnology hacking.
This blog features an interview with Alpine Security’s CEO, Christian Espinosa, by Caroline Cornell on medical device security, originally posted at classaction.com. Medical devices have largely been neglected from a cybersecurity perspective. Many of these devices run legacy operating systems, are full of vulnerabilities, and were not intended to be connected to hospital networks.