Nicole Wetsman of The Verge recently penned an in-depth article about the many security issues plaguing the global health care sector. As Wetsman observes, most hospitals and physicians are unprepared to counter critical cybersecurity threats, even though they pose a clear and present danger to public health.
Connected Medical Devices: Cyberattacks and Vulnerabilities
“The health care industry increasingly relies on technology that’s connected to the internet: from patient records and lab results to radiology equipment and hospital elevators,” she writes. “That’s good for patient care, because it facilitates data integration, patient engagement and clinical support. On the other hand, those technologies are often vulnerable to cyberattacks, which can siphon off patient data, hijack drug infusion devices to mine cryptocurrency, or shut down an entire hospital until a ransom is paid.”
These vulnerabilities, says Wetsman, have prompted the FDA to issue specific guidelines that detail how medical device manufacturers should manage security risks – both before and after products are put on the market. The FDA also illustrated the importance it places on keeping medical devices secure when the government agency hosted a workshop on the subject in January 2019.
“At the workshop, a group of device makers (including big names like Abbott and Medtronic) committed to working closely with [white hat] hackers and security researchers on vulnerabilities,” she adds.
Altering Programming on an Implanted Defibrillator
Just a few months after the above-mentioned FDA workshop, the United States Department of Homeland Security (DHS) issued an alert confirming that approximately 750,000 heart devices manufactured by Medtronic had a serious cybersecurity vulnerability. According to the DHS, this vulnerability could have potentially allowed an attacker with insider knowledge to harm a patient by altering programming on an implanted defibrillator. Moreover, the vulnerability affected bedside monitors that read data from the devices in patients’ homes and in-office programming computers used by doctors.
As Joe Carlson of the Star Tribune reports, the first, more serious vulnerability could have allowed an attacker to intercept and modify data sent between a defibrillator and an external device such as an at-home monitor.
“The system [didn’t] use formal authentication or authorization protections, which means an attacker with short-range access to the device could [have] inject[ed] or modif[ied] data and change[d] device settings,” he explains. “The second vulnerability allow[ed] an attacker to read sensitive data streaming out of the device, which could include the patient’s name and past health data stored on their device. The system [did] not use data encryption.”
Rebuilding Trust with Secure by Design
From our perspective, patients need to be able to trust their healthcare providers. Similarly, healthcare providers should be able to trust the medical devices they use. Indeed, according to Scott Best, Rambus’ Technical Director of Anti-Counterfeiting Technology, the most effective way to ensure trust all around is for health device manufacturers to adopt a “secure by design” approach to product development.
“Secure by design means making security the number one priority during the design phase and keeping it there throughout the whole lifecycle of the device,” Best explains in a recent ITProPortal article. “Without security, none of the other safeguards that are designed to prevent harm can be assured.”
More specifically, says Best, manufacturers should integrate a hardware-based root of trust in their medical devices.
“In general, there are good reasons why hardware-based security is considered more secure than a purely software-based approach,” he elaborates. “Delivered at chip level through a secure core, the hardware root of trust separates general processing from secure processing – allowing a separate processor element dedicated to security tasks.”
A hardware root of trust, says Best, uniquely and immutably identifies a device and can be used as a cryptographic seed.
“This permits a manufacturer to manage the access rights for the devices it produces and assign those access rights to legitimate parties,” he explains. “Using cryptographic functions, this then enables a secure line of communication to be had between the device and those who need access to it, removing the ability for remote access by a non-approved individual. By eliminating the risk of unauthorized communication and access, along with enabling devices to only accept digitally signed updates that are specific to the device, trust can be assured both in the functions of the device and the data it reports.”
As Best concludes, if the industry really wants to see the connected age deliver on its healthcare promise, device manufacturers need to ensure that security is front and center of the conversation.
“If we don’t do this, then the trust needed for the healthcare sector to benefit from connectivity, big data and automation will be lacking and patients won’t see the benefits they should,” he adds.