Many drug infusion pumps are vulnerable to cyber attacks.
In a move that calls attention to an alarming trend in the world of computer hacking, penetration testing company Alpine Security has announced its intention to focus on cybersecurity for medical devices. These devices are among the latest targets of Alpine’s expert cybersecurity team, a group of extensively trained professionals who carry some of the industry’s most advanced certifications. These professionals are now working with hospitals, device manufacturing companies, and patient advocacy organizations to keep people safe from hackers that could put their health and lives at risk.
Thanks to Internet of Things (IoT) technologies, doctors can now monitor patients’ vital signs and track treatment with unprecedented convenience and accuracy. However, because this technology is so new and still lacks many of the safeguards embedded in older technology, these advances also mean that a patient’s private information – and their vital signs themselves – can fall into the hands of hackers.
In 2017, a group of researchers were able to secure equipment that intercepted radio frequency signals from cardiac devices. The researchers showed that they could reprogram those devices to drain the power from the device and even change the patient’s own heartbeat remotely. In response, the FDA recalled nearly half a million pacemakers.
The FDA has since cracked down on the security of “smart” medical devices, and providers have taken much of the weight. According to one FDA representative, “Healthcare Delivery Organizations (HDOs) are responsible for implementing devices on their networks and may need to patch or change devices and/or supporting infrastructure to reduce security risks.” This places a major burden on HDOs, which may not have the technological expertise to make the kind of evaluations and adjustments that this responsibility demands.
Alpine has responded to this urgent situation by applying its extensive cybersecurity knowledge and medical device penetration testing capabilities to where it matters most – patient safety. Its skilled team can identify the precise location of network and device weaknesses, getting to them before hackers can.
“Hospitals now have 10-15 networked medical devices per bed. Many devices that monitor vital functions or deliver medication have critical vulnerabilities. It is simply a matter of time before we have a major attack with catastrophic and fatal consequences.” – Christian Espinosa, Alpine Security CEO
In addition to its work with HDOs and device manufacturers, the company has offered its sponsorship to the Archimedes Medical Device Security 101 Conference, to be held in January of 2019 in Orlando, Florida. The conference will be a space where designers and users of networked devices can discuss the most pressing security threats in their industry, and where they can develop actionable solutions.
About Alpine Security
Alpine Security is a Service Disabled Veteran Owned Small Business (SDVOSB) that evaluates and addresses cybersecurity risks in networks and systems across multiple industries including healthcare. Committed to staying one step ahead of today’s most savvy hackers, Alpine uses state-of-the-art methods and offer every type of penetration test. Alpine is particularly experienced in optimizing the cybersecurity of network-enabled medical devices.