Connect with us

Hi, what are you looking for?

Tech & Science

Alert issued over cybersecurity concerns in hundreds of medical devices

Hackers are able to take over the devices and change readings, administer drug overdoses and threaten patient health. 

This handout photo released by the University of Maryland School of Medicine on January 10, 2022 shows surgeons performing a transplant of a heart from a genetically modified pig to patient David Bennett, Sr
This handout photo released by the University of Maryland School of Medicine on January 10, 2022 shows surgeons performing a transplant of a heart from a genetically modified pig to patient David Bennett, Sr - Copyright AFP/File JIM WATSON
This handout photo released by the University of Maryland School of Medicine on January 10, 2022 shows surgeons performing a transplant of a heart from a genetically modified pig to patient David Bennett, Sr - Copyright AFP/File JIM WATSON

In the U.S., the FBI has found hundreds of vulnerabilities in medical devices following recent Cybersecurity and Infrastructure Security Agency (CISA) alerts. These medical devices, including insulin pumps, intracardiac defibrillators, mobile cardiac telemetry, pacemakers and intrathecal pain pumps, all too often run outdated software and lack adequate security features.

As an example, the CISA has called out vulnerabilities in the Contec Health CMS8000 Vital Signs Patient Monitor. This is a device that’s designed to monitor a patient’s heart rate, oxygen saturation, temperature, and other vital signs.

As a result, hackers are able to take over the devices and change readings, administer drug overdoses and threaten patient health. 

To understand the risks more fully, Digital Journal caught up with Sally Vincent, Senior Threat Research Engineer at LogRhythm.

Vincent begins by outlining some of the recent issues that have impacted upon healthcare in general: “Cyberattacks against healthcare organizations have increased significantly in recent years. In the last month alone, the French Hospital Center Hospitalier Sud Francilien (CHSF) and CorrectHealth have fallen victim to cyberattacks.”

Turning her attention to medical devices, Vincent finds: “The FBI has recently discovered hundreds of vulnerabilities in medical devices such as insulin pumps, intracardiac defibrillators, mobile cardiac telemetry, pacemakers and intrathecal pain pumps.”

The problem is that as most technology has moved on, a lot of the software controlling medical devices or collecting information has remained static. Here Vincent notes: “Many of these devices are over 30 years old, run outdated software and lack adequate security features.”

This leads to the risks, which Vincent summarizes as: “These findings shed light on the potential dangers of security inadequacies in the healthcare sector, including threats to healthcare organizations’ credibility and, more importantly, to patients’ lives and data.”

Risks take other forms too. According to Vincent: “The cost of a cyberattack is highest in the healthcare vertical, which makes it imperative for healthcare organizations to keep cybersecurity controls top-of-mind—investing in more modern medical devices is only the first step.”

To redress this, measures need to be taken. Vincent recommends: “It is essential for organizations to adopt specific cybersecurity measures to ensure their patients’ safety, including strengthening their incident response plans to quickly and efficiently mitigate the effects of a breach.”

Vincent also advises: “Healthcare organizations must also implement password hygiene, threat detection capabilities and preventative and response controls that can thwart malicious cybercriminals, protect patient data and ensure that the day-to-day processes of IT systems continue to run without disruption.”

By taking this advice, success can be achieved as Vincent notes: “With these changes, healthcare organizations will be allowed full visibility into their IT environments, ultimately better protecting their patients and keeping valuable data secure.”

Avatar photo
Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

Tech & Science

A new free app is helping Canadians verify whether the products they buy are made in Canada.

Life

The opioid epidemic costs the U.S. over $1.5 trillion annually, overloading hospitals, public health systems, and law enforcement.

Business

The feud between Elon Musk and Sam Altman has become one of the bitterest rivalries in business history.

Tech & Science

Artificial intelligence developer OpenAI is "not for sale", chief executive Sam Altman said in Paris Tuesday.