A medical device doesn't need to be connected for cybersecurity to be an issue. Here are the threats you need to know.
There have been a number of medical device conferences over the past few months, with some focusing on medical device cybersecurity. While attending these conferences, I enjoy finding opportunities to engage medical device manufacturers on the topic of cybersecurity and how they currently address it. Nothing makes me happier than learning that they are proactively designing security into their devices. However, one of the most common things I still hear is, "Our devices aren't connected, so we don't have to do anything about cybersecurity yet."
Any device that speaks in 1s and 0s has a cyber-attack surface, not just devices that are connected to the internet. Understanding your device's attack surface allows you to understand your device's unique threat model. Your device's threat model derives from a holistic view of its features and functionality and contains the malicious acts, whether intentional or not, that could afflict your device.
Stephanie Domas will be part of a roundtable discussion on "Cyber Security, Compliance, and Patient Privacy" at the MD&M Minneapolis Conference, September 21-22.
One of the characteristics we consider when building a threat model is the attack vector, or the method by which a threat is executed. One option we examine is remote threats, or threats that can take place over the internet. These are threats against connected devices. However, an alternative vector we consider is physical access threats, in which the attacker has physical access to the device. Devices with no 'connectivity' still have a physical access attack surface.
With physical access, there is a wide range of threats we have to consider. The easiest physical access threats stem from exposed communication ports such as USB or serial lines. These offer someone with physical access easy methods of potentially manipulating the system or accessing sensitive data (including both PHI and intellectual property).
Digging deeper, we then consider threats that could occur when an attacker opens up a medical device enclosure. Now, internal headers, often used for debugging and programming, start to be considered. Think about it: what can an attacker access and change through these ports? And it goes even deeper: a motivated attacker can make board modifications, such as soldering onto components that didn't have exposed programming headers or soldering onto an internal communication bus to intercept or manipulate internal board communication. What happens if they manipulate communications? What data can they access?
Beyond the physical access threats, another reason to consider cybersecurity is the fact that medical device design is often an iterative process. The next version of your medical device typically builds on the previous version. There is increasing pressure from industry for more connectivity in medical devices. When the pressure reaches your device family--and it eventually will--if you haven't considered cybersecurity previously, you might find you have to redesign your device from the ground up.
Truly, cybersecurity is not limited to connected medical devices--and while no device can ever be 100% secure, integrating secure design principles can provide patients with a greater quality of care through medical devices they can trust.
Stephanie Domas is lead medical device security engineer at Battelle.