Over the past year, several events have given legs to the growing body of concern over the potential for medical devices to be compromised by hackers. Security tests of various devices by expert hackers and security laboratories have shown that a range of devices, from implantable insulin pumps to defibrillators, pacemakers, and other medical electronics, are vulnerable to hacking. The potential for such hacking to compromise a medical device recently became reality by the spread of a malware virus, “WannaCry” ransomware, that was able to compromise a variety of medical equipment such as imaging systems and dye injectors (Wired. Published March 2, 2017.).
Explore this issue:September 2017
What has emerged is the need to protect medical devices against a two-fold cyberthreat. First is the need to protect individual patients from the potential for harm if the device itself is compromised, such as a hack into an insulin pump that resets the device to administer a fatal dose of insulin to the patient. Second, systems must be protected against being hacked through the portal of a medical device, an easy entry point to a hospital network that could lead to stealing medical records.
To that end, a number of government and non-government agencies are working together to address these risks and ultimately protect patients while securing their privacy.