A Texas university is to research cybersecurity solutions to vulnerabilities in medical devices, boosted by a major grant from the National Science Foundation.
The National Science Foundation in the US has awarded TCU (Texas Christian University) approximately $250,000 in funding to help it come up with effective measures that will protect medical devices from cyberattacks.
Ensuring that networked equipment remains secure is an increasingly pressing issue, as while the use of technology in healthcare is an obvious benefit, full consideration of the security implications of new tech has been slow.
It is this fact that Michael Bachmann, associate professor of criminal justice at TCU, is seeking to address with his study – cybercriminals are extremely likely to increase their activity in this area meaning the threat is very real.
“Not only can you access all these devices and wreak havoc within a hospital when you’re there, but you don’t even need to be there.”
Speaking to WFAA-8, the expert said that he is of the opinion that the vulnerabilities associated with networked medical devices, including radiation machines and pacemakers, need to be urgently addressed.
He described the cybersecurity situation in this area as “dire”, adding: “Not only can you access all these devices and wreak havoc within a hospital when you’re there, but you don’t even need to be there.”
A high-profile example of the concern some people have regarding the exploitation of connected devices came in 2013, when former US vice president Dick Cheney revealed that he had deactivated the wireless feature in his implanted heart defibrillator.
“Implantable cardioverter defibrillators can be vulnerable to a range of electronic signals,” Adrian Culley, an information security professional, was quoted by the BBC as saying at the time.
“Research has been undertaken which shows it is entirely feasible to potentially exploit someone’s ICD, given close proximity to the individual.”
Data protection is another concern
Other concerns that security professionals have with healthcare is focused on data protection.
This was discussed in detail on We Live Security recently, with ESET security researcher Lysa Myers noting earlier this year that recent breaches at Premera and Anthem have highlighted obvious flaws within organizations operating in the healthcare industry.
“Medical records are likely to remain a tempting target as long as there is a sufficient return on criminals’ investment of time and effort,” she said.
“It is important for healthcare practitioners and businesses to take extra care of their patients’ data, as well as their health.”