The National Science Foundation in the US has
awarded TCU (Texas Christian University) approximately $250,000 in funding to
help it come up with effective measures that will protect medical devices from
cyberattacks.
Ensuring that networked equipment remains secure is
an increasingly pressing issue, as while the use of technology in healthcare is
an obvious benefit, full consideration of the security implications of new
tech has been slow.
It is this fact that Michael Bachmann, associate
professor of criminal justice at TCU, is seeking to address with his study –
cybercriminals are extremely likely to increase their activity in this area
meaning the threat is very real.
“Not only can you access
all these devices and wreak havoc within a hospital when you’re there, but you
don’t even need to be there.”
Speaking to WFAA-8,
the expert said that he is of the opinion that the vulnerabilities associated
with networked medical devices, including radiation machines and pacemakers,
need to be urgently addressed.
He described the cybersecurity situation in this
area as “dire”, adding: “Not only can you access all these devices and wreak
havoc within a hospital when you’re there, but you don’t even need to be
there.”
A high-profile example of the concern some people
have regarding the exploitation of connected devices came in 2013, when former
US vice president Dick Cheney revealed that he had deactivated the wireless feature
in his implanted heart defibrillator.
“Implantable cardioverter defibrillators can be
vulnerable to a range of electronic signals,” Adrian Culley, an information
security professional, was quoted by the BBC as saying at the time.
“Research has been undertaken which shows it is
entirely feasible to potentially exploit someone’s ICD, given close proximity
to the individual.”
Data protection is another concern
Other concerns that security professionals have
with healthcare is focused on data protection.
This was discussed in detail on We Live Security
recently, with ESET security researcher Lysa Myers noting
earlier this year that recent breaches at Premera and Anthem have highlighted
obvious flaws within organizations operating in the healthcare industry.
“Medical records are likely to remain a tempting
target as long as there is a sufficient return on criminals’ investment of time
and effort,” she said.
“It is important for healthcare practitioners and
businesses to take extra care of their patients’ data, as well as their
health.”