Loading...
Tech Trend

Why Cybersecurity Threats in Medtech are Really Scary

Medtronic’s recent MiniMed insulin pump recall has brought medical device-related cybersecurity concerns back into the spotlight.

Due to cybersecurity vulnerabilities identified in Medtronic’s MiniMed 508 and MiniMed Paradigm insulin pumps, a hacker could potentially connect wirelessly to a nearby device and change the pump’s settings, FDA said on Friday. This could allow a person to over deliver insulin to the patient, leading to low blood sugar, or to stop insulin delivery, leading to high blood sugar and a buildup of acids in the blood.

To be clear, there have not been any confirmed reports of patient harm related to these risks, but it’s scary to think about the possible fallout if a hacker were to take advantage of this vulnerability to intentionally blackmail or hurt a targeted individual who happens to use one of these devices.

Due to cybersecurity vulnerabilities identified in Medtronic’s MiniMed 508 and MiniMed Paradigm insulin pumps, a hacker could potentially connect wirelessly to a nearby device and change the pump’s settings, FDA said on Friday. This could allow a person to over deliver insulin to the patient, leading to low blood sugar, or to stop insulin delivery, leading to high blood sugar and a buildup of acids in the blood.

To be clear, there have not been any confirmed reports of patient harm related to these risks, but it’s scary to think about the possible fallout if a hacker were to take advantage of this vulnerability to intentionally blackmail or hurt a targeted individual who happens to use one of these devices.

Cybersecurity is one of the biggest issues keeping medtech manufacturers awake at night, according to a panelist at MD&M West 2019.

“Depending on the particular segment, cybersecurity is a really critical issue for the medtech industry,” said Yarmela Pavlovic, a partner at Hogan Lovells, an international law firm. “I see companies at varying stages of adoption in cybersecurity policies, and for very young companies coming more from the tech industry, cybersecurity feels like a much more natural fit. . . But then there are a lot of companies grappling with legacy products and trying to implement cybersecurity controls based on more modern technology for products where those concerns were not part of the original design and development.”

Steve Abrahamson, senior director of product security at GE Healthcare also spoke about cybersecurity at MD&M West in February.

“Going back five or 10 years ago, researchers started showing that it was possible to hack into medical devices and possibly cause the patient harm,” Abrahamson said. “… It’s never actually happened in the real world, but it is very terrifying to people because it could happen in theory.”

Abrahamson said there has been a shift in mentality when people think about security for medical devices.

“In traditional safety risk management, we’re protecting people from malfunctioning devices,” he said. “When we think about cybersecurity risk management, we’re protecting devices from malfunctioning people.”

The Harshest Critics of Medical Device-Related Cybersecurity Flaws

Reports of cybersecurity vulnerabilities like Medtronic’s has drawn particularly harsh criticism from cybersecurity experts outside of the medical device industry.

“Medical device manufacturers who aren’t engaging in real security, or in this case, even basic security practices, should probably have their FDA approvals revoked,” said Aaron Zander, head of IT at HackerOne, in response to an earlier cybersecurity issue involving Medtronic’s implantable defibrillators. “Unlike a kids toy or a car where a recall is as simple as sending something back in the mail or driving it back to the dealership, an embedded device, one literally embedded in you, isn’t meant to come out and be replaced regularly. The surgery to replace this with a ‘better’ or ‘safer’ version in itself is dangerous and comes with life-threatening repercussions.”

Read More:Why Cybersecurity Threats in Medtech are Really Scary

Leave a Reply

Your email address will not be published. Required fields are marked *