In 2017, sixteen UK hospitals were temporarily shut down thanks to a massive ransomware attack. The WannaCry attack led to cancelled appointments, massive disarray and a reported cost to the NHS of £92 million.
It served as a stark reminder of just how tempting medical organisations and equipment can be as targets for cybercriminals. They offer the potential for huge, life-risking disruption, as well as access to highly sensitive information. And now, in an era in which the number and range of connected medical devices is proliferating at lightning speed, the medical sector offers cybercriminals an extraordinary number of potential endpoints to target.
Connected medical devices range from simple wearables tracking factors like heart rate and blood pressure, through highly sophisticated hospital-based equipment such as connected scanners, to smart devices that are actually implanted in patients’ bodies, such as connected pacemakers. All are potential targets of malware and cybercrime, and all can lead to enormous disruption and risk to life if compromised.
The ongoing COVID-19 pandemic has brought into even sharper relief how important it is for connected medical devices to be absolutely secure. When healthcare organisations are under unusual pressure, whether because of a rapid increase in patient numbers, the complexities of battling a new disease, or shortages of critical equipment and medicines, it is even more important for security to be absolutely assured. The last thing an under-pressure healthcare organisation needs to be dealing with now is a cyberattack.
How, then, can we make connected medical devices as secure as possible?
There are several different areas to consider. The devices themselves must be secure, but so too must the data they generate, send and receive. This requires a complex ecosystem of different technologies and processes, all focused on ensuring trust, robustness and resilience.
This starts with reliably identifying the device in question – that is, generating confidence that it is a genuine, certified and known connected medical device, and not a compromised device or one that is impersonating a genuine device. This requires each medical device to receive a digital certificate when it is first manufactured, and processes to be put in place to avoid counterfeiting.
Vendors have a responsibility to publish their security features and their vulnerability disclosure policies, demonstrating how they comply with relevant regulatory frameworks and explaining the testing procedures they go through. They must also, of course, ensure that any identified vulnerabilities are repaired in a timely manner.
Once a device is brought into a healthcare organisation, those digital certificates must be used to identify and authenticate each individual device before it is set up and configured to function in practice.
End-to-end data encryption, typically using TLS, should be facilitated between all connected medical devices, and also in places where data is stored. Ideally, patient data should not cross the internet at all. If data is travelling in two directions – that is, away from and back to the connected device – then mutual authentication is necessary at both ends.
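The mutual authentication requirement above can be made concrete with an added example (not part of the original article) using Python's standard `ssl` module: it builds a device-side and a server-side TLS context that each require the other's certificate, and audits them next to two constructed weak contexts. The function names and the optional certificate file parameters are assumptions for illustration.

```python
import ssl

def device_context(ca_file=None, cert_file=None, key_file=None):
    """Device (client) side: verifies the server and presents its own certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED + hostname check by default
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)  # CA that issued the server certificate
    if cert_file:
        ctx.load_cert_chain(cert_file, key_file)   # certificate the device received at manufacture
    return ctx

def server_context(ca_file=None, cert_file=None, key_file=None):
    """Server side: rejects any device that does not present a valid certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED            # library default is CERT_NONE
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)  # CA that issues device certificates
    if cert_file:
        ctx.load_cert_chain(cert_file, key_file)
    return ctx

def audit(ctx, server_side):
    """Return the settings on this endpoint that break mutual authentication."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate not required")
    if not server_side and not ctx.check_hostname:
        findings.append("server hostname not checked")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("TLS versions below 1.2 allowed")
    return findings

def weak_server_context():
    """Constructed counter-example: defaults do not request a device certificate."""
    return ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)

def weak_device_context():
    """Constructed counter-example: certificate validation switched off on the device."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False                     # must be disabled before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

if __name__ == "__main__":
    print("hardened server:", audit(server_context(), True))
    print("hardened device:", audit(device_context(), False))
    print("weak server:", audit(weak_server_context(), True))
    print("weak device:", audit(weak_device_context(), False))
```

With real certificate files supplied, either context is passed to `wrap_socket` as usual; the handshake then fails unless both ends present a certificate the other side's CA can verify.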
And whilst in operation, all software updates must be digitally signed to ensure the integrity of the code and protect against malicious injection of malware. Measures such as intrusion detection systems, ongoing penetration testing and monitoring should also be considered.
Ultimately, securing medical devices is a complex and ongoing process. It is also essential in a world in which the healthcare sector is introducing myriad new targets for cybercriminals.