Did you know that right now we have about 5 billion connected smart devices in use? Is it surprising that it is predicted that by 2020 that number will skyrocket to 25 billion? Of all these connected devices, a significant portion of these devices will be medical devices such as pacemakers, in-home monitoring systems and drug pumps. The risks associated with these connected medical devices are plentiful. The biggest concern is medjacking. Medjacking is short for medical device hijacking.
Medjacking has becoming more and more prevalent as more medical devices get connected. In June 2015, TrapX Security released a report that detailed incidents of medjakcing in three hospitals:
- Passwords were stolen to the hospital’s network and confidential data transmitted to computers in Eastern Europe via a blood gas analyzer infected with two different types of malware.
- Unauthorized entry into the hospital’s network to send sensitive data to China via the radiology department’s image storage system.
- Unauthorized access to the hospital’s network to access confidential data through a back door that hackers installed in a drug pump.
More of these types of incidents are likely to occur as more and more medical devices are connected to sensitive, confidential networks.
Why is this happening? What can we do? Currently, the U.S. Food and Drug Administration (FDA) has only released security “recommendations” for medical devices. But with this real-time operating system, the security flaws are being discovered by hackers and exploited faster than the security failure can be patched. The FDA will hopefully require medical device manufacturers to implement security features that meet a set standard; solve the problem of lagging security fixes and security patches; segment sensitive, confidential data from the networks that these medical devices are connected to; and train patients and health care staff on how to use medical devices in the most secure way they can. For now, be aware of these vulnerabilities and be sure your patients’ medical devices are not being exposed to medjackers.