May 19 2015

Malware… for humans?

Imagine going to your general practitioner’s office for an annual physical. Your doctor checks your blood pressure, your heart rate, your temperature. Your doctor likely quizzes you about your diet, exercise, smoking habits, whether your artificial body parts are up-to-date with the latest patches. Wait. What? As if we didn’t have enough devices to stay on top of.

The benefits of treating chronic conditions with medical devices, such as a pacemaker or an artificial pancreas, are recognized; however, keeping those devices protected when they’re critical to our well-being is not as easily understood.  A study called “Cybersecurity in Artificial Experiments” was recently released by Diabetes Technology and Therapeutics that details the challenges around cybersecurity in medical devices, particularly in the experimental field, along with some solutions.

The study mentions the NIST Cybersecurity Framework (note the Identify, Protect, Detect, Respond, Recover conceptual references) to give context around what the community mindset should be like, especially highlighting that these concepts are only guidelines, not regulation – a common thing most industries are dealing with at the moment.

The text goes into detail about some of the possible threat vectors facing medical devices, breaking them down into two categories: external (e.g. network vulnerabilities) and internal (e.g. software integrity). The variety of ways a malicious actor could potentially impact a person’s life through their medical devices is startling – another reason to maintain proper cyber hygiene in your daily life.

This study is definitely worth a read, especially for those in healthcare!