Case Study - Biomedical Devices - Preventing harm from security weaknesses

Case Study - Biomedical Devices - Preventing harm from security weaknesses

PROBLEM

Biomedical devices are a major cause for concern in hospital environments because:

  1.  They are connected to the hospital or care-provider’s network thus vastly increasing the attack surface area for evil-doers.

  2. Patient safety is at considerable risk as demonstrated by recent remote wireless hacks of insulin pumps and other patient monitors.

  3. Many devices have not had their operating systems patched or migrated to newer versions for years. These devices are especially vulnerable to known and widespread attacks of unpatched software. A virus infecting an “old” OS on an infusion pump can propagate and infect every other device, crippling the entire hospital network in minutes.

  4. The mobile revolution has resulted in many new consumer oriented apps or devices that perform patient monitoring which then send information upstream or downstream for additional diagnostic actions. Tainting of this upstream or downstream data is very possible and adds to patient safety concerns.