Do No Harm. Matthew Webster
internet-connected medical devices. With no clear liability, there is little incentive to make secure products. The deck appears stacked against strong security in connected medical devices, and the drive to innovate further into Medicine 2.0 only compounds the issues over time. What we need to do is take a deeper dive into the technology to help us better understand the technological forces at play. What is underneath the proverbial covers is more concerning than the strategic challenges we face related to not just cybersecurity, but to the medical devices, our data, and in rare cases, our very lives.
Just because something rarely takes place does not diminish its importance. As internet-connected medical devices grow in number and complexity, so too will the vulnerabilities related to them, and ultimately this has an impact on the security of not only the devices, but also our data. To accentuate the point of continual innovation, that innovation is often on the software side of the house, and keeping up with the micro changes in each device can and does mean more security risks if proper oversight and process is not taken into account. The Silicon Valley approach of working directly with the customers to create changes almost on the fly is alluring to customers, but can also provide the fuel for more vulnerabilities in the ever-more interconnected world of internet-connected medical devices.
Notes
1 1 Nicole Feraro, “Health Prognosis on the Security of IoMT Devices? Not Good,” Dark Reading, April 25, 2020, https://www.darkreading.com/endpoint/health-prognosis-on-the-security-of-iomt-devices-not-good/d/d-id/1337649.
2 2 “The State of Ransomware in the US: Report and Statistics,” 2019, https://blog.emsisoft.com/en/34822/the-state-of-ransomware-in-the-us-report-and-statistics-2019/.
3 3 “Covid-19: Ruthless Ransomware Authors Attack Hospitals,” 2020, https://securityboulevard.com/2020/06/covid-19-ruthless-ransomware-authors-attack-hospitals/.
4 4 Lily Hay Newman, “The Covid-19 Pandemic Reveals Ransomware's Long Game,” 2020, https://www.wired.com/story/covid-19-pandemic-ransomware-long-game/.
5 5 Jessica Kim Cohen, “Washington hospital refuses to pay $1 million ransomware demand,” 2019, https://www.modernhealthcare.com/cybersecurity/washington-hospital-refuses-pay-1-million-ransomware-demand.
6 6 Catalin Cimpanu, “First death reported following a ransomware attack on a German hospital: Death occurred after a patient was diverted to a nearby hospital after the Duesseldorf University Hospital suffered a ransomware attack,” 2020, https://www.zdnet.com/article/first-death-reported-following-a-ransomware-attack-on-a-german-hospital/.
7 7 “German Hospital Hacked, Patient Taken to Another City Dies,” Cleveland Daily Banner, https://hosted.ap.org/clevelandbanner/article/cf8f8eee1adcec69bcc864f2c4308c94/german-hospital-hacked-patient-taken-another-city-dies.
8 8 Sergiu Gatlan, “UHS hospitals hit by reported country-wide Ryuk ransomware attack,” 2020, https://www.bleepingcomputer.com/news/security/uhs-hospitals-hit-by-reported-country-wide-ryuk-ransomware-attack/?utm_medium=email&_hsmi=96262261&_hsenc=p2ANqtz-8L3v0ZVtO4P3wgXU05ReBUHRZfuWMMoaMdTsDri89BURxNP-RVxwkTlH5sJZwmIx-oW7eVuuuTbnGmMcuDQ4DLodl79gsRrcB4LfLdQWpIT_7ESHw&utm_content=96262261&utm_source=hs_email.
9 9 SonicWall, “2020 Cyber Threat Report,” 2020.
10 10 Kelly Jackson Higgins, “Over 80% of Medical Imaging Devices Run on Outdated Operating Systems,” 2020, https://www.darkreading.com/iot/over-80--of-medical-imaging-devices-run-on-outdated-operating-systems/d/d-id/1337273?_mc=NL_DR_EDT_DR_daily_20200311&cid=NL_DR_EDT_DR_daily_20200311&elq_mid=96222&elq_cid=23133172.
11 11 Dalvin Brown, “Hacking Diabetes: People break into insulin pumps as an alternative to delayed innovations,” 2019, https://medicalxpress.com/news/2019-06-hacking-diabetes-people-insulin-alternative.html.
12 12 Serena Gordon, “Medtronic recalls some insulin pumps as FDA warns they could be hacked,” 2019, https://medicalxpress.com/news/2019-06-medtronic-recalls-insulin-fda-hacked.html.
13 13 “How vulnerable is the internet of medical things to cyber threats?” https://www.nuspire.com/wp-content/uploads/2020/04/Nuspire-IG-Healthcare-Infographic.pdf.
14 14 “What hackers actually do with your stolen medical records,” 2019, https://www.advisory.com/daily-briefing/2019/03/01/hackers#:~:text=Gary%20Cantrell%2C%20head%20of%20investigations,security%20numbers—which%20is%20enough.
15 15 “The Department of Health and Human Services And the Department of Justice Health Care Fraud and Abuse Control Program Annual Report for Fiscal Year 2019,” 2020, https://oig.hhs.gov/publications/docs/hcfac/FY2019-hcfac.pdf.
16 16 There are debates about Medicine 2.0 versus 4.0. It could take chapters to debate the difference between the two of them, but it would derail the discussion at hand.
17 17 Youssra Marjoua and Kevin Bozic, “Brief history of quality movement in US healthcare,” 2012, https://www.ncbi.nlm.nih.gov/pmc/articles/PMC3702754/.
18 18 “HHS Issues New Report Highlighting Dramatic Trends in Medicare Beneficiary Telehealth Utilization amid Covid-19,” 2020, https://www.hhs.gov/about/news/2020/07/28/hhs-issues-new-report-highlighting-dramatic-trends-in-medicare-beneficiary-telehealth-utilization-amid-covid-19.html.