Hacking Medical Devices: The Next Big Healthcare Cyber Threat

By WatchGuard Technologies The way in which our modern world is connected can be summarised by the popular phrase, the Internet of Things (IoT) and we are well used to things like Smart Homes, devices like the Amazon Echo Dot and Google Home offering greater connectivity. As more and more common household accessories become connected […]

By WatchGuard Technologies

The way in which our modern world is connected can be summarised by the popular phrase, the Internet of Things (IoT) and we are well used to things like Smart Homes, devices like the Amazon Echo Dot and Google Home offering greater connectivity. As more and more common household accessories become connected there is always the ever-present risk of how these devices are kept secure from online threats. And, whilst we might not mind so much if our toasters get hacked, the reality is that a weak point of any network can lead to more global damage.

The implications of our own personal networks being hacked are obvious and are an inherent threat which we can choose to mitigate. Far more worryingly is the fact that the IoT trend has extended into almost all areas of both the private and public sector. Whilst the former has the budget to keep their networks secured, the latter has an alarming number of unprotected devices.

Of greatest concern is the healthcare sector, hospitals in particular. Whilst advances in state-of-the-art technology is a good thing for healthcare provision the fact that these devices are connected to the internet and are vulnerable to attack is a disturbing reality. Devices like pumps, scanners and even life support machines are being left unprotected on a massive scale with almost 36,000 US healthcare-related devices identified on Shodan (the search engine designed to be able to find internet connected devices).

May Wang, CTO of IoT Security Solutions company ZingBox provides sharp relief on these concerns:

“For the past three years the healthcare sector has been hacked even more than the financial sector. And more and more hacking incidents are targeting medical devices.”

At a basic level, these under secured devices provide easy access points into the wider networks potentially allowing access to huge amounts of sensitive patient data. Such attacks like the one experienced in the UK with the WannaCry ransomware attack that affected the NHS in May 2017. At an individual level, with devices such as implants like cardiac defibrillators having wireless connectivity there is a very real and present danger of hackers being able to cause devastating consequences; either maliciously or accidentally.

Security teams working in the healthcare sector are constantly playing catch up with this type of threat as new devices are adopted all the time that pose new dangers. Experts believe that the onus should be on the designers and manufacturers of these medical devices to ensure that they comply with a rigid and statutory set of guidelines on security.