MassDevice

The Medical Device Business Journal — Medical Device News & Articles | MassDevice

Home » FBI: Medical devices unprepared for new era of cyber attacks

FBI: Medical devices unprepared for new era of cyber attacks

By

Medical devices are unprepared for increasing cyber-attacks, FBI says

Medical devices and other hospital and healthcare systems need some serious security upgrades to weather the coming onslaught of malicious hacking, according to the FBI’s Cyber Division.

With an impending deadline to shift to electronic medical records, which fetch a high price on the black market, healthcare systems are an increasingly alluring target for cyber-criminals.

"The deadline to transition to EHR is January 2015, which will create an influx of new EHR coupled with more medical devices being connected to the internet, generating a rich new environment for cyber criminals to exploit," according to an unclassified FBI report. "The health care industry is not technically prepared to combat against cyber criminals’ basic cyber intrusion tactics, techniques and procedures, much less against more advanced persistent threats."

No targeted medical device hacks have been reported outside of research settings, but security analysts have found that many U.S. hospitals and their medical devices have been infiltrated by malware. Many systems remain infected as hacks go undetected, according to a report released earlier this year by Norse.

Medical devices such as radiology imaging software and X-ray machines are vulnerable to attack even if they don’t contain sensitive patient information. The vast majority of networked medical devices in hospitals today have minimal security protections, and "once medical devices are compromised, malicious traffic is transmitted through VPNs and firewalls" to other systems, the FBI said.

Perhaps the biggest vulnerability is healthcare IT officials’ belief that their systems are secure enough already.

"The health care industry is not as resilient to cyber intrusions compared to the financial and retail sectors, therefore the possibility of increased cyber intrusions is likely," according to the federal memo.

Healthcare industry security reports released over the last year put the black market value of a partial electronic health record at $50 apiece, compared with $1 for a stolen credit card or social security number. Criminals can use EHR data to file fake insurance claims, get prescription drugs and "advance identity theft," and EHR fraud takes nearly twice as long to detect than normal identity theft.

Financial gains aren’t the only reasons that attackers may target healthcare systems. The infamous and inscrutable hacker group Anonymous made recent threats against Boston Children’s Hospital, calling on internet activists to bombard the hospital’s website with a flood of traffic to disrupt its online services. The group is demanding that BCH fire one of its doctors over the controversial detainment of a pediatric patient made ward of the state.

Cyber-attacks that attempt to overload servers with a flood of requests, sometimes called "denial of service" or DoS attacks, aim to disrupt an organization’s workflow by wiping out access to cloud-based tools and resources. Programmers can insulate their systems from such attacks by ensuring that servers and devices aren’t permanently knocked out after being bombarded, but recent testing has shown that many medical devices lack such protections.

Researchers at SecureState reported last year that their penetration testing found that devices such as IV pumps and X-ray machines are vulnerable to the fairly rudimentary form of attack. Earlier last year a pair of security researchers used a DoS hack to demonstrate that a Philips (NYSE:PHG) Xper hospital management system could be infiltrated and "owned" fairly easily.

Researcher and expert medical device hacker Florian Grunow told an audience at the European DeepSec conference last year that medtech vendors simply aren’t interested in security until they’ve been hacked or experienced some other digital dilemma that forces their hands.

Not many device makers have spoken openly about their interest (or lack thereof) in digital defenses, but industry titan Medtronic (NYSE:MDT) has said on more than one occasion that  medtech cybersecurity is a "high priority" for the company. Medtronic later reiterated its commitment in a manifesto on cybersecurity, promising to keep a close eye on its devices and take action on any new vulnerabilities it discovers.

In case you missed it

RSS From Medical Design & Outsourcing

  • Emerson introduces new miniature rocker isolation valve for clinical lab instruments
    Emerson (NYSE:EMR) has launched the ASCO Series 062 rocker isolation valve, designed for hematology and immunoassay analyzers, sample preparation and pre-analytical, as well as DNA sequencing instruments. The St. Louis, Missouri-based company said the two-way and three-way valves are compact at 16mm, allowing for easy integration into complex fluid-handling manifolds while reducing their footprint, weight… […]
  • Medtronic faces longer road to renal denervation
    Medtronic (NYSE:MDT) will continue the clinical study of its Symplicity Spyral renal denervation (RDN) system for hypertension into next year after lacking the positive results needed to end enrollment early. Fridley, Minnesota-based Medtronic said last month that it hoped to present results of the Spyral HTN-ON MED trial at the Cardiovascular Research Foundation’s TCT Conference… […]
  • Cadence is expanding in Pennsylvania
    Cadence (Staunton, Virginia) announced today that it is expanding its Product Realization Center in Cranberry Township, Pennsylvania. The company expects to finish the 21,000-square-foot expansion by March 2022. The expanded manufacturing footprint will include an additional Class 7 (10,000) cleanroom by the end of 2022. “Everything lined up so well for this expansion to take… […]
  • 3M beats The Street in Q3 as healthcare sales increase year-over-year
    3M (NYSE:MMM) shares rose slightly today on third-quarter results that topped the consensus forecast. The Maplewood, Minnesota-based company posted profits of $1.4 billion, or $2.45 per share, on sales of $8.9 billion for the three months ended Sept. 30, 2021, for a 0.3% bottom-line gain on sales growth of 7.1%. Earnings per share registering at… […]
  • Powering MRIs: 3 RF interconnect considerations to save time and money
    RF interconnects, including coaxial cables and connectors, are an integral part of MRI systems. Early awareness of challenges such as transmission loss, ease of installation and infrastructure requirements can help with performance and cost optimization in the design of new MRI systems. Kai Loh, Times Microwave Systems Magnetic resonance imaging (MRI) technology has advanced rapidly… […]
  • European approval ‘a big deal’ as Medtronic moves forward with Hugo surgical robot
    There’s excitement at Medtronic after the Hugo robotic surgery platform hit a major regulatory milestone. In 2012, Covidien formed an incubator called “Project Einstein,” focusing on combining robotic technology, data and analytics. What could they create? About nine years later, the product that emerged from Project Einstein made a significant step forward when the Hugo robotic-assisted… […]
  • Orchid announces hiring of chief quality, regulatory and EH&S officer
    Orchid (Holt, Michigan) announced that Lourdes De Cardenas Alfonso has joined the company as chief quality, regulatory and EH&S officer — effective today. Lourdes joins the orthopedic implants outsourcer from Medical Card System (MCS), where she was EVP of innovation. She has over 30 years of experience in quality control, regulatory affairs, technical services, business… […]
  • Nitto Kohki introduces vacuum pump for pick-and-place applications
    Nitto Kohki USA today announced the introduction of a standalone vacuum pump device that it says is ideal for pick-and-place applications, The LV-125A (Linicon) vacuum pump is particularly useful when house air is not available, according to the company. The pump is compact, lightweight, and features an oil-less design so that it can easily fit… […]
  • October 2021 Issue: Women in Medtech
       How Hologic made a major pandemic pivot: CFO Karleen Oberton reflects on key decisions and turning points of the COVID-19 pandemic. Insulet CEO Shacey Petrovic is pumped up to launch Omnipod 5 Boston Scientific’s Meghan Scanlon forecasts the future of urology There is still a long way to go to close the gender… […]
  • Study finds single-use bronchoscopes reduce hospital readmission rates by half
    A study of 14,228 bronchoscopy procedures found sterile, disposable scopes reduced readmission rates by more than half. The study, authored by Ambu consultant Dr. Hudson Garrett, analyzed procedures at inpatient hospitals as well as outpatient ambulatory facilities. He found that 3.6 percent of patients treated with a single-use, flexible bronchoscope were readmitted within 30 days,… […]
  • Medtronic hires social-media-minded chief medical officer for its gastrointestinal unit
    Medtronic (NYSE:MDT) today said it has hired Dr. Austin Chiang as the first chief medical officer of the medical device maker’s gastrointestinal business. Chiang is an assistant professor of medicine at Sidney Kimmel Medical College and director of the Endoscopic Bariatric Program at Thomas Jefferson University Hospital, both in Philadelphia. He holds a master’s degree… […]

Leave a Reply