View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. News
March 16, 2018

Medical device cyber-attacks could have severe consequences: Report

By Charlotte Edwards

A report by the Royal Academy of Engineers has found that the vulnerabilities of medical devices to cyber-attacks could have ‘severe consequences’ for patient safety.

The ‘Cyber safety and resilience: strengthening the digital systems that support the modern economy’ report listed devices such as pacemakers, heart pumps and MRI scanners as at risk.

Vice provost at Imperial College London and lead author of the research Professor Nick Jennings said: “Improving cyber safety and resilience requires all stakeholders to act together at scale and in a coordinated way, including government, the engineering profession, system operators and industry leaders. This report will help each of these groups to better understand the new systems that are being created, the emerging vulnerabilities and how to address them.”

Commenting on the report, Amir Abramovitch, security researcher at Cy-OT, said: “We know that a lot of Internet of Things (IoT) devices are insecure, and healthcare devices are no exception. In the last couple of years we have seen multiple vulnerabilities published for a variety of medical IoT devices. The main problem is that the worst-case scenario here is not data theft or malware infection, but death, and the scariest part is that some of these attacks can even happen remotely, where the attacker does not need to gain physical access to the device.

He added: “The vulnerabilities span from simple vulnerabilities such as insecure storage of the Wi-Fi password and hard-coded secret credentials for remote maintenance, to more severe vulnerabilities such as communication interception, for example changing the dosage of a drug, and full-on denial-of-service such as making the device stop functioning at all.

“This poses a threat not only to corporate businesses but to human life. The good news is that there are possible mitigations for these attacks, and they are quite easy to implement. The problem is that the companies making these devices do not understand the security implications of their poor design, and I hope they will learn it before it is too late.”

The report adds to an increasing amount of research suggesting that the safety of medical technology needs to be improved. Researchers from the Ben-Gurion University of the Negev, Israel, released a paper proving the relative ease of exploiting medical technology which uses out-of-date security software. In addition, the American College of Cardiology’s Electrophysiology Council also confirmed that individual patients’ medical devices could be at risk of hacking.

Related Companies

NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. The top stories of the day delivered to you every weekday. A weekly roundup of the latest news and analysis, sent every Friday. The medical device industry's most comprehensive news and information delivered every month.
I consent to GlobalData UK Limited collecting my details provided via this form in accordance with the Privacy Policy


Thank you for subscribing to Medical Device Network