Top Medical Device Security Threats: Deloitte

Brian Buntz

September 26, 2013

2 Min Read
Top Medical Device Security Threats: Deloitte

"[Medical] devices have barely been looked at [in terms of cybersecurity] for a variety of reasons," said security expert Jay Radcliffe. "I am pretty certain that if you look at any medical device you could find a problem. You could find things in the computer field that would be considered as vulnerabilities."

A recent report from Deloitte titled "Networked medical device cybersecurity and patient safety," agrees about the security problem in the medical device field. Referring to networked medical device as a "double-edged sword," the report states that connected medical devices could be hacked, infected with malware, or controlled by unauthorized users. Deloitte interviewed nine medical device security experts and summarized the following four risks as the most severe: 

  1. Anonymous maskHacktivists. Anonymous hackers have already launched DDoS attacked on banks. Although hackers haven't attempted to cause a service interruption related to medical devices yet, they may in the future, according to the Deloitte report. 

  2. Thieves. Thieves could attack medical devices to harvest personal information for identify theft or to commit fraud against healthcare organizations or Medicare. They also could sell personal health information. 

  3. Virtual Assailants. Individuals or groups could hack medical devices to remotely attack individual patients. This scenario was depicted in a Homeland episode, in which the U.S. vice president was assassinated by terrorists who compromised his pacemaker. Such attacks could be potentially detected by keeping tabs on devices' power consumption. The idea is that a medical device with hacked code would translate into altered power consumption. Researchers have devised a system called "WattsUpDoc" that could track such fluctuations to identify device hacking. 

  4. Malware. Unlike the previous three threats, which are very real possibilities, malware on medical devices is already a problem. The medical device industry has not been as aggressive in preventing malware attacks as the broader tech industry. And last year, Google shut down the website of device company CareFusion Inc. after the site sent updates to the firm's respiratory products that contained Trojan horse viruses and malware. Last year, Gizmodo ran a story stating that malware was rampant on medical devices and earlier this year, FDA acknowledged its threat as well. 

See also:

Brian Buntz is the editor-in-chief of MPMN and Qmed. Follow him on Twitter at @brian_buntz

Sign up for the QMED & MD+DI Daily newsletter.

You May Also Like