Posted by Julian Alvarado on September 14, 2018
The Internet of Things is all around us. But it doesn’t stop there—now it’s inside us too. As the era of “connected everything” explodes, so does the use of network-connected medical devices. These interconnected devices, ranging from hospital imaging equipment to implantable pacemakers to infusion pumps, help healthcare providers and patients in a variety of tasks—monitoring vitals, regulating dosages, improving diagnostics, and more. But the convenience of this functionality comes with a trade-off: vulnerability. If attackers gain access to a connected medical device, the potential consequences include severe injury and even death. Consider this:
Given these statistics, it isn’t surprising that among medical device manufacturers, two-thirds believe an attack on a medical device they built is likely within the next year. But only 17% have taken significant steps to prevent an attack. Making matters worse, fewer than half of manufacturers—and only 22% of healthcare delivery organizations—have a device incident response plan in place.
Thankfully, reports of device hacks are still rare, and there have been no deaths. It seems that so far, the benefits outweigh the risks. And the FDA’s adoption of UL 2900-2-1 as a premarket certification standard is a step in the right direction. But the number of vulnerabilities identified—and recalls and updates issued—is increasing steadily. Check out the timeline below to learn more about the history of security vulnerabilities in medical devices.