Home Articles Downloads Forum Products Services Seminar Contact
Previous Thread
Next Thread
Print Thread
Rate Thread
Page 1 of 2 1 2
Protecting medical devices from cyber attack #74337 08/07/19 12:15 PM
Joined: Jul 2000
Posts: 1,770
John Sandham Offline OP
Hero
OP Offline
Hero
Joined: Jul 2000
Posts: 1,770
If a Hospital buys medical equipment, they know that they have to manage the security and privacy of their patients, and therefore build defences to protect their networks, but what about the equipment itself?

How secure is our medical equipment, especially bluetooth enabled devices?
What are suppliers doing to stop devices becoming an inadvert 'back door' to private and confidential information?
Even worse, is the security sufficient to stop tampering with device settings?


Be Proactive and reactive.
Re: Protecting medical devices from cyber attack [Re: John Sandham] #74338 08/07/19 4:16 PM
Joined: Feb 2004
Posts: 13,861
Geoff Hannis Offline
Super Hero
Offline
Super Hero
Joined: Feb 2004
Posts: 13,861

Never mind cyber attack ... what about passwords (as well as pump access codes) being left scribbled on Post-it notes? think

But think positive, John ... it's just another justification for maintaining in-house tech support, and the time-honoured tradition of having senior biomeds stride around their domain (hopefully with their eyes open) once every day or so.

Re: Protecting medical devices from cyber attack [Re: Geoff Hannis] #74339 08/07/19 4:31 PM
Joined: Jun 2000
Posts: 2,351
Huw Offline
Hero
Offline
Hero
Joined: Jun 2000
Posts: 2,351
Originally Posted by Geoff Hannis

Never mind cyber attack ...

Really?

The FDA (amongst others) would disagree...
https://nakedsecurity.sophos.com/20...implants-can-be-hacked-fda-issues-alert/

Re: Protecting medical devices from cyber attack [Re: Huw] #74340 08/07/19 5:40 PM
Joined: Feb 2004
Posts: 13,861
Geoff Hannis Offline
Super Hero
Offline
Super Hero
Joined: Feb 2004
Posts: 13,861

Presumably the FDA were the ones who allowed those devices to be marketed in the first place.

There's not much the front-line biomed can do about stuff like that. frown

Meanwhile, I have always cautioned against the Great Rush Forward to embrace whatever wuss-o-rama new technology is the current flavour of the month. Techniques used in medical equipment should be solid (well engineered, proven and resilient). After all, we are dealing with people's well-being (and sometimes their lives) - not the latest iPhone updates, or ticking "Likes" on social media.

Quote

A decade or more ago, adding wireless capability to huge amount[s] of medical equipment looked like an easy win for convenience.

Unfortunately, security was low on the priority list and based on too many assumptions about likelihood and motive.


Organisations like the FDA are meant to be protecting us from such idiocy.

However - we can (and should) always be on the look-out for security breaches "nearer to home", of the type I have mentioned.

Re: Protecting medical devices from cyber attack [Re: John Sandham] #74351 11/07/19 9:08 PM
Joined: Sep 2017
Posts: 83
Ian Chell Offline
Adept
Offline
Adept
Joined: Sep 2017
Posts: 83

Re: Protecting medical devices from cyber attack [Re: John Sandham] #74385 24/07/19 1:05 PM
Joined: Jul 2000
Posts: 1,770
John Sandham Offline OP
Hero
OP Offline
Hero
Joined: Jul 2000
Posts: 1,770
Interesting document Ian,

I note the state: Connected medical devices present a great opportunity. By eliminating the need for manual
data entry, potential benefits include faster and more frequent data updates, diminished human error, and improved workflow efficiency.

I was speaking to an IT security expert who told me that it is not 'science fiction' for a connected medical device to be accessed from outside the hospital and adjusted remotely to harm or potentially kill patients, because the IT security on medical equipment is so poor.

Geoff, can't beat having feet on the ground, but younger biomeds (not us!!) need to understand this cyber stuff too.


Be Proactive and reactive.
Re: Protecting medical devices from cyber attack [Re: John Sandham] #74386 24/07/19 2:25 PM
Joined: Feb 2004
Posts: 13,861
Geoff Hannis Offline
Super Hero
Offline
Super Hero
Joined: Feb 2004
Posts: 13,861

Yes; but why would anyone ever want to go to such lengths? think

Meanwhile, did this "expert" offer up any clues or suggestions about how such a scenario could be remedied?

More "tin-foil" required?

Feet on the ground ... and head in "The Cloud". smile

Be alert ... biomed needs Lerts.

Re: Protecting medical devices from cyber attack [Re: John Sandham] #74387 24/07/19 10:07 PM
Joined: Sep 2017
Posts: 83
Ian Chell Offline
Adept
Offline
Adept
Joined: Sep 2017
Posts: 83
Hi. interesting to note your comments about younger biomes. You may have seen my recent request for any old CF devices - for the B/MEng course in Biomedical Eng at Birmingham City Uni. I think I will suggest they explore having a lecture in cyber comms basics to understand IP addressing and the ISO model etc.

There was a great talk at the EBME Conf. at Silverstone 2 years ago about cyber attacks - the speaker showed a toy doll which had internet capabilities that could be hacked!

Siemens came to the rescue for my call for an old contrast injector - really helpful and generous

Re: Protecting medical devices from cyber attack [Re: John Sandham] #74411 30/07/19 12:51 PM
Joined: Jul 2000
Posts: 1,770
John Sandham Offline OP
Hero
OP Offline
Hero
Joined: Jul 2000
Posts: 1,770
I am hoping to have an IT expert speak at the 2020 EBME Expo on cyber security for medical equipment.

Geoff,
I agree, why would anyone do such a thing as hack into medical equipment?
Potentially:
Just for fun;
To get the NHS to pay a ransom...(been done before);
To harm or kill someone (potentially an ex-russian spy? perhaps being treated in an NHS hospital for nerve agent poisoning??)
Terrorism;
etc...etc.
Who knows, but the security of a piece of medical equipment should be equivalent to other industry sectors (Aircraft, motor vehicles...), and it is not there yet. shocked


Be Proactive and reactive.
Re: Protecting medical devices from cyber attack [Re: John Sandham] #74412 30/07/19 1:09 PM
Joined: Feb 2004
Posts: 13,861
Geoff Hannis Offline
Super Hero
Offline
Super Hero
Joined: Feb 2004
Posts: 13,861

Ah; not a very high bar, then. frown

Potentially at least, any "device" that passes or accepts radio transmissions can be open to interference "by others". As you know John, military communications go to great (and expensive) lengths to make radio transmissions secure (channel hopping, sending in short bursts, and what-have-you); and even then they don't always succeed.

Similarly, anything connected to networks, especially "open" networks such as the internet, can't help but be vulnerable to "attack" (just as computers connected to the internet are).

Cellphone ("mobile phone") transmissions can be intercepted (listened to) by "certain agencies", so I expect they can also be corrupted (interfered with) - and certainly shut down.

For me the bottom line is:- why should medical equipment be "connected" at all? think

Yes, I understand the advantages - a physician being able to keep an eye on patient parameters via a Smartphone, and so forth - but I believe that (more) serious consideration should be given to:-

1) Whether the advantages outweigh the risks
2) Having equipment transmit data only (and not receive)
3) If "receive" is a "must" - only allow it over closed (internal, hospital) networks

OK John, there's your synopsis, right there. smile

Page 1 of 2 1 2

Moderated by  DaveC in Oz, KM, RoJo 

Who's Online Now
0 registered members (), 157 guests, and 33 spiders.
Key: Admin, Global Mod, Mod
Newest Members
eldelcable, eng.maloudat, Vincenzo89, BTM, BigEric
9482 Registered Users
Events
Philips - National Conference
Forum Statistics
Forums25
Topics10,437
Posts70,739
Members9,482
Most Online1,391
Mar 26th, 2018
Powered by UBB.threads™ PHP Forum Software 7.7.2