
Researchers have developed a "behavior-monitoring system" that they say can detect malware infecting medical devices, giving users greater insight into their technologies and prompting further action should a device become compromised.
The device, dubbed WattsUpDoc, operates externally to the medical technology it monitors, tapping into its electrical power usage and looking for patterns that indicate the presence of malware, with a fairly high degree of accuracy.
"In our experiments, WattsUpDoc detected previously known malware with at least 94% accuracy and previously unknown malware with at least 85% accuracy on several embedded devices," lead author and University of Massachusetts Amherst PhD candidate Shane Clark wrote in a blog post for the Ann Arbor Research Center for Medical Device Security. "With better visibility and earlier warnings, WattsUpDoc can help to detect problems that otherwise could lead to hazardous situations and harm."
Medical device cybersecurity has drawn growing attention as more hospitals worry about the integrity of their networks and their patient medical records, and as cybersecurity researchers and ethical hackers, like the recently deceased Barnaby Jack, divulge more potential exploits.
Read more of MassDevice.com’s coverage of medical device cybersecurity and hacking.
The devices themselves can be difficult to keep secure because many can’t be easily patched and most aren’t amenable to common commercial anti-virus programs. Manipulating the software itself can void a warranty or even jeopardize the primary functions of the device.
"The fundamental tension for owners of these devices is that they can have the devices they need to perform critical functions, but they cannot adequately protect the devices using conventional, software-based means," the researchers wrote. That tension also leaves hospitals and their IT administrators to identify and meaningfully report problems to public adverse events databases.
WattsUpDoc overcomes those challenges by existing outside of the system, monitoring electrical usage, "learning" what normal activity looks like and then flagging usage that appears unusual. The device can’t independently remove threats or take action to defend the system, but it may stand as a sentinel at the very least.
"While the power-analysis techniques in this paper show some promise for revealing malicious activity on embedded or hard-to-change devices, they are not a complete solution to the problem of malware on these devices," the authors wrote.