When it comes to medical devices, cybersecurity threat vectors aren’t limited to Bluetooth, WiFi, and other wireless technologies; the CPU is also vulnerable to attack.
Robert Caruso, CISSP
A common misconception about medical device cybersecurity is that the threat springs entirely from wireless communication. While Bluetooth, WiFi, Near-Field Communications, and Med Radio have increased the number of threat vectors for medical devices, the rising cybersecurity threat level is actually due to the same component that makes medical devices increasingly useful: the central processing unit (CPU). The smaller size and lower power requirements of today’s CPUs allow them to be placed in more devices, which provides capacity for both increased functionality and malicious intent.
Hackers do not attack a particular data channel such as wireless as an end in itself; their goal is to plunder resources (i.e., dollars and the computing network) by manipulating the data or functions of a vulnerable mobile device. Wireless is just one possible doorway, but other entry points, such as physical connections, firmware updates, and programmer station software, can also be targeted. High-end mobile medical devices have long been capable of receiving programming updates and forwarding patient data through wired, acoustic, or other communication links. While the need for physical proximity limits a hacker’s ability to access the device, this security control is often a side effect of the design.
Designers need to intentionally identify all necessary security controls by performing a risk assessment of the mobile medical device. In such an assessment, the critical functions, features, and data are mapped to device vulnerabilities to anticipate intentional misuse from all threat sources, including hackers, untrained users, the environment, or even patients themselves.
It is also important to map the device’s functions holistically because any change, even a seemingly unrelated one, can introduce a new vulnerability. This process helps engineers keep in mind all of the significant functions and data storage needs of the device, not just its communication pathway.
Most mobile medical devices perform the following functions:
- Collect information about the patient, which is analyzed in real time or later by a medical professional.
- React to patient conditions with a feedback loop that utilizes programmable electronics, sensors, and transducers to have a real-time effect.
- Provide real-time feedback to the patient through an interface that incorporates LEDs, haptic, auditory, or electronic (both wired and wireless) elements.
- Receive new instructions for its programming, such as calibration information, patient data, and even new firmware code. These can arrive through interfaces that use acoustic, optical, manual, or electronic (both wired and wireless) inputs.
Each of these functions must be included in the risk assessment, which documents the planned or implied security controls that protect sensitive functions or data.
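The mapping described above can be kept as a register and checked mechanically. The following Python is an added example, not from the article; the device, interfaces, controls, and the `assess` helper are hypothetical. It flags each function and entry point where a threat source is met only by an implied control (a design side effect such as physical proximity) or by none.

```python
from dataclasses import dataclass

# Threat sources listed in the article's risk-assessment paragraph.
THREAT_SOURCES = ("hacker", "untrained user", "environment", "patient")

@dataclass(frozen=True)
class Control:
    name: str
    planned: bool        # False: implied, i.e. a side effect of the design
    covers: frozenset    # threat sources the control addresses

@dataclass(frozen=True)
class Entry:
    function: str        # device function being assessed
    interface: str       # entry point that reaches the function
    controls: tuple = ()

def assess(register):
    """Return (function, interface, source, status) for every gap.

    status is "implied-only" when nothing but a design side effect stands
    between the threat source and the function, "uncovered" when no
    control is documented at all.
    """
    findings = []
    for entry in register:
        for source in THREAT_SOURCES:
            hits = [c for c in entry.controls if source in c.covers]
            if any(c.planned for c in hits):
                continue  # at least one intentional control addresses this source
            status = "implied-only" if hits else "uncovered"
            findings.append((entry.function, entry.interface, source, status))
    return findings

# Constructed sample register (hypothetical device and controls).
PROXIMITY = Control("physical proximity", False, frozenset({"hacker"}))
SIGNED_FW = Control("signed firmware check", True, frozenset({"hacker", "environment"}))
ROLE_LOCK = Control("clinician-only menu", True, frozenset({"untrained user", "patient"}))

REGISTER = [
    Entry("receive new instructions", "wired programmer station", (PROXIMITY, ROLE_LOCK)),
    Entry("receive new instructions", "wireless firmware update", (SIGNED_FW, ROLE_LOCK)),
    Entry("collect patient information", "acoustic link", (PROXIMITY,)),
]

if __name__ == "__main__":
    for finding in assess(REGISTER):
        print(" | ".join(finding))
```

In this sample the wireless update path comes out clean, while the wired and acoustic paths are the ones leaning on proximity alone.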
Today, wireless communication is ubiquitous in cell phones and laptops, and its preponderance in wearable electronics will be leveraged by hackers across many industries. Medical device cybersecurity experts must look beyond this vector and develop a risk mitigation plan that addresses all vulnerabilities while maintaining the device’s usability and availability.
Robert Caruso, CISSP, GMOB, is an information security architect at Battelle.