Cybersecurity in healthcare

One of the most terrifying things in cybersecurity is not our private data being leaked. Imagine that our own health is compromised: our healthcare data from a hospital is leaked, or some critical devices in our bodies could even be manipulated remotely by others.

A Bayer MedRad device used to assist in MRI scans infected with the WannaCry ransomware from Forbes.

Last year, when the WannaCry ransomware was a thing, some hospital networks were infected, causing hospitals to close their doors to new patients and halting treatments for other patients because they were not able to access the patients' data records. A lot of healthcare data is being stored in the cloud, with an expected growth rate of 20.5% by 2020. This is a risk because data in the cloud must be correctly protected: it requires robust encryption measures and appropriate authentication. 90% of hospitals run legacy applications to preserve patients' data. These kinds of applications can have serious security holes that a cybercriminal could take advantage of, and they run on old and unpatched operating systems (the cause of the WannaCry infection).

Last year, St Jude Medical's pacemakers had a security scandal. It turns out that half a million patients' pacemakers could be hacked to run the batteries out or even alter the patient's heartbeat. The manufacturer issued a firmware update (ha! an update for your heart, isn't that cool?). They are all radio-controlled implantable cardiac pacemakers. The FDA (Food and Drug Administration) says that the vulnerability allows an unauthorised user to access a device using commercially available equipment and reprogram it; this could lead to the death of the patient. The security weakness was discovered by MedSec, a cybersecurity firm that specialises in researching vulnerabilities in medical devices and the healthcare industry, and it had previously been the target of a lawsuit from SJM for disclosing such vulnerabilities. It turns out that St Jude Medical had known about this vulnerability since 2014, but did not take action until the weakness was made public. You can read more about it here; the story is great, with lots of plot twists.

Another device that might be a source of security scandals in the future is the artificial pancreas system. It is an IoT glucose monitor that communicates with an insulin pump and a computer (like a Raspberry Pi) via radio waves. There is even an open source project, called OpenAPS, that lets you create your own system.

Sources

http://resources.infosecinstitute.com/top-10-threats-healthcare-security/

https://www.theguardian.com/technology/2017/aug/31/hacking-risk-recall-pacemakers-patient-death-fears-fda-firmware-update

https://www.meddeviceonline.com/doc/artificial-pancreas-systems-rife-with-security-issues-say-experts-0001

2 thoughts on “Cybersecurity in healthcare”

  1. I think that the root of these IoT problems is the stubbornness to not adopt secure practices. Developers creating commodities before ensuring user safety, trying to get the product out as quickly as possible; before someone else gets to it first. What do you think about secure practices in IoT?

    Liked by 1 person

    • I think the root of the problem is the lack of education on the topic. People should not trust random startup companies; they may just take the money and run, leaving a large userbase with outdated and vulnerable software behind.

      Liked by 1 person
