Increased risk of ‘Medjacking’ calls for better security measures on medical devices

Robinson+Cole Data Privacy + Security Insider
Contact

Did you know that right now we have about 5 billion connected smart devices in use? Is it surprising that it is predicted that by 2020 that number will skyrocket to 25 billion? Of all these connected devices, a significant portion of these devices will be medical devices such as pacemakers, in-home monitoring systems and drug pumps. The risks associated with these connected medical devices are plentiful. The biggest concern: medjacking. Medjacking is short for medical device hijacking.

Medjacking has becoming more and more prevalent as more medical devices get connected. In June 2015, TrapX Security released a report that detailed incidents of medjakcing in three hospitals:

  1. Passwords were stolen to the hospital’s network and confidential data transmitted to computers in Eastern Europe via a blood gas analyzer infected with two different types of malware.
  2. Unauthorized entry into the hospital’s network to send sensitive data to China via the radiology department’s image storage system.
  3. Unauthorized access to the hospital’s network to access confidential data through a back door hackers installed in a drug pump.

More of these types of incidents are likely to occur as more and more medical devices are connected to sensitive, confidential networks.

Why is this happening? What can we do? Currently, the U.S. Food and Drug Administration (FDA) has only released security ‘recommendations’ for medical devices. But with this real-time operating system, the security flaws are being discovered by hackers and exploited faster than the security failure can be patched. The FDA will hopefully require medical device manufacturers to implement security features that meet a set standard, solve the problem of lagging security fixes and security patches, segment sensitive, confidential data from the networks that these medical devices are connected to, and train patients and health care staff how to use medical devices in the most secure way they can. For now, be aware of these vulnerabilities and be sure your patients’ medical devices are not being exposed to medjackers.

[View source.]

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations. Attorney Advertising.

© Robinson+Cole Data Privacy + Security Insider

Written by:

Robinson+Cole Data Privacy + Security Insider
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Robinson+Cole Data Privacy + Security Insider on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide