Connected medical devices such as CT and MRI scanners, patient monitors and artificial respirators will become targets for attackers who want to remotely take over, reprogram or disable the devices, steal their data, or use them to launch a denial-of-service attack.
To facilitate the management of these medical devices, mobile phone controls have been added. This introduced a new, clear threat vector: Bluetooth wireless connections.
It will be critical to determine whether a device keeps an always-on connection for sending and receiving data, even when the cell phone used to manage it becomes unavailable.
The only way to deal with this security risk is to implement security by design.
Responding to incidents involving cybersecurity attacks requires that different parties interact, including medical device manufacturers.
Cyberattacks are inherently unpredictable events, and responders must work with insufficient or inaccurate information in the early stages while trying to predict the timing, severity, and trajectory of the attack. The time required to respond could lead to loss of life.
We can hope this won’t happen, but I’d prefer if it was secured by design before delivery to our hospitals.