Don't get hacked off: What cybercrime means for medical devices

by

Lu Rahman discusses the emergence of cyberattacks and what it means for the medical device industry. 

Four or five years ago we didn’t give too much thought to cyber attacks. How times have changed. In 2014 the FBI issued two warnings that connected medical devices were at risk. In 2016 Trend Micro’s Udo Schneider demonstrated how easily it was to hack into devices by placing one on a desk and bringing it to life through his computer. This came hot on the heels of the FDA telling hospitals not use certain products because of the risk they could be hacked. One device highlighted was Hospira’s Symbiq infusion system . The warning came that this device, that delivers medications directly into the bloodstream could, if hacked, lea d to over or under-infusion of critical patient therapies and severe harm could have come to patients using the device.

It’s a sign of the times that these warning have turned into full-blown hacks. When the UK’s National Health Service suffered a huge cyber attack, the threat to health systems, devices and patients became very real indeed. And with the global connected health and wellness devices market forecast to reach US$612.0 billion by 2024 – according to a report by Grand View Research – it’s a threat the global device sector is having to take seriously. Populations are living longer, there’s a trend for healthier lifestyles, so the demand for wearables is increasing.

With increased technology comes increased risk. Devices and organisations are vulnerable, something that Tony Rowan is chief security officer at SentinelOne told MPN’s sister title, Digital Health Age: “Old school antivirus technology is powerless to halt virulent, mutating forms of malware like ransomware and a new, more dynamic approach to endpoint protection is needed.”

Whether attacking a hospital or a device, all threats endanger to lives. This has been recognised by the FDA which has produced guidelines for post-market cybersecurity risk management of connected medical devices.

Organisations, countries, continents – cyber attacks don’t recognise boundaries. And we saw this when the WannaCry ransomware that affected the NHS also infected devices from life sciences company Bayer. According to Forbes at least two of the company’s medical devices were hit by the attack – Forbes received an image of an infected Bayer Medrad radiology device in a US hospital. The device is used to improve imaging for MRIs. Bayer confirmed to Forbes that it had received reports of the ransomware attack affecting customers in the US. Medical device companies such as company Siemens Healthineers and BD have also been affected by the attack.

As a part of a global industry it’s up to us to ensure we understand, and implement the systems and security  required to minimise the effect of attacks. They’re not going away – and if anything they’re likely to increase – it’s time to start thinking about how we can globally lessen the impact they have both now and in the future...

Back to topbutton