During an exhibition at the 2011 Black Hat Conference in Las Vegas, security researcher and diabetes patient Jerome Radcliffe demonstrated how he could hack his own insulin pump and administer a potentially fatal dose of medication to his body.
"It's basically like having root on the device, and that's like having root on the chemistry of the human body," he said referring to his ability to hack his insulin pump.
This got the attention of medical device manufacturers that needed to begin thinking about the vulnerabilities in their devices. By leaving their equipment open to cybercriminals, there is no telling what type of devastatation hackers could create.
Do medical device manufacturers have time to protect products?
Software vulnerabilities will continue to exist, but it is up to medical device manufacturers to ensure that their products as secure as possible from cybercriminals. Furthermore, when these vulnerabilities are found, can medical device manufacturers quickly roll out new updates? An article for InformationWeek discussed whether medical devices could remain protected or come under attack due to the lags that occur in revalidating the software.
Medical device manufacturers that claim to not have the time to implement these instant changes should look into partnering with shelter companies in Mexico to provide IT support. Leasing a facility south of the border to house IT staff could provide the help medical device manufacturers need to ensure their products are secure from cyberthieves. When developing an IT sector in Mexico, shelter companies recruit their own staff, provide accounting services and maintain the site's physical infrastructure. Dedicating a well-qualified team to software updates could greatly decrease the potential for vulnerabilities to be accessed by cybercriminals.
"In a world in which communication networks and medical devices can dictate life or death, these systems, if compromised, pose a significant threat to the public and private sector," wrote the U.S. Food and Drug Administration in a warning to medical device manufacturers and healthcare institutions.
Mobile medical devices create several benefits
Protecting mobile medical devices such as the insulin pump used by Radcliffe have become increasingly important as many Americans rely on these gadgets to improve the quality of their lives. This is why the FDA and the The Center for Internet Security are staying active in trying to strop attacks at the source.
"The mobile device provides a critical function," Will Pelgrin, chief executive of CIS, told Fox Business. "It only takes the weakest link on that network to cause havoc and potentially have consequences."
The two entities are in the middle of developing a series of benchmarks to ensure cyberthreats are no longer a factor in the medical device manufacturing industry. By getting companies that develop pacemakers, defibrillators and other devices to talk about cybersecurity, the FDA and CIS can work together to improve the security of medical gadgets.
"This is a call of action to get as many manufacturers as possible to participate in this effort with us," Pelgrin told Fox Business. "As we get [them] to the table we will see where their priorities are."