Hackers make the unthinkable, well… thinkable: Hacking the Internet of Medical Things

The Internet of Things (IoT) brings with it endless opportunities – and, quite a few security challenges. The U.S. Food & Drug Administration’s (FDA) recent guidance on handling medical device vulnerabilities follows closely on the heels of its more general medical device cybersecurity guidance.

IoT-connected devices are a growing security concern, and the FDA has focused on general IoT device security and, specifically, medical IoT device security. This once again brings too close to home the overriding message to vendors and consumers alike that no Internet-connected device is 100% secure. If it is connected to the Internet, it can be hacked. Of course, the risk and impact multiplies manifold when the IoT product is a medical device.

Medical devices, and the systems they connect to, can seriously impact patient health. Thankfully, software patches are now addressing vulnerabilities presenting the biggest risk, and are combatting a number of threats, says Mathieu Baissac, vice president of Product Management at Flexera Software.

The unthinkable is now very thinkable…

The fact that traditional hackers are now moving beyond mere desktop computers to medical devices, demonstrates how cybersecurity is hitting home in a very personal way – even going as far as critically impacting our loved ones.

Medical device manufacturers need to manage any risks related to software vulnerabilities within their own code, as well as monitor and react on vulnerabilities of any third-party or open source software components they might be using in their devices. They should also have a strategy in place to get updates out to the right customers.

A vulnerability is an error in software, which can be exploited with security impact and gain. If hackers launch an attack against Internet-connected products, it can cause enormous damage to the medical manufacturer and patients – either because the products are controlled by the hackers, or because the user data is extracted and abused by those hackers.

Mathieu Baissac

Consequently, medical manufacturers need to increase focus on the security of the device itself, as well as the software that controls the device. This includes careful code testing, continuous maintenance, careful mapping of bundled software and verified intelligence about software vulnerabilities in that software – as well as ample resources to react promptly and effectively as soon as a vulnerability in the product is reported.

Reducing risks in five simple steps

One of the primary concerns associated with Internet-connected devices is the risks from hackers exploiting vulnerabilities, and using applications on medical devices as a vector for viruses and malware.

Today, more than ever, it is up to medical device manufacturers to be vigilant, and mitigate the exposure associated with connected devices, and they can do so in five simple steps:

    • For medical applications that sit at the operating-system level, adopt tamper-resistance technology to protect software applications from hackers.
    • Protect embedded software on the medical device from reverse engineering, and make changes at the machine level to strengthen protections.
    • Ensure that the applications on medical devices and mobile-device management systems have an easy, automated mechanism for getting the latest security patches and updates out as fast as possible.
    • Proactively monitor medical devices for application issues.
    • Provide a reliable and secure ecosystem with clear traceability through the supply chain – from initial software delivery to subsequent firmware/software updates on the device – as well as the ability to pro-actively disable devices at mandated end-of-life, or during product recalls.

Recently, much attention has been paid to potential security threats facing smart, Internet-connected appliances – thermostats, TVs, wireless speaker systems, refrigerators, cars, etc. As the news progresses from the advantages of the IoT to the associated risks of exposure, it is more important than ever to discuss how device manufacturers can embrace these products while keeping risks at bay, especially when it comes to medical devices.

Doing so will stop making the unthinkable so thinkable.

The author of this blog is Mathieu Baissac, vice president of Product Management at Flexera Software

Comment on this article below or via Twitter: @IoTNow_ OR @jcIoTnow

RECENT ARTICLES

Panasonic and Jasmy unveil Web3 Platform for IoT data control

Posted on: March 28, 2024

Panasonic has joined forces with Jasmy (JASMY) blockchain to introduce a Web3 platform that will facilitate the connection of personal data on the Internet of Things (IoT). The collaboration between the Japanese-based blockchain and Panasonic Advanced Technology was initiated in February, but the official announcement was made on March 26.

Read more

Driving connected personalised user experiences with Generative AI

Posted on: March 27, 2024

As the world continues to rapidly move towards digitalisation, customer expectations are also on the rise. Around the globe, telcos are grappling with meeting these expectations. As well as ensuring connectivity in a secure, seamless, and consistent manner 24/7, to compete and differentiate, operators now need to provide personalised experiences that are as unique as

Read more
FEATURED IoT STORIES

What is IoT? A Beginner’s Guide

Posted on: April 5, 2023

What is IoT? IoT, or the Internet of Things, refers to the connection of everyday objects, or “things,” to the internet, allowing them to collect, transmit, and share data. This interconnected network of devices transforms previously “dumb” objects, such as toasters or security cameras, into smart devices that can interact with each other and their

Read more

The IoT Adoption Boom – Everything You Need to Know

Posted on: September 28, 2022

In an age when we seem to go through technology boom after technology boom, it’s hard to imagine one sticking out. However, IoT adoption, or the Internet of Things adoption, is leading the charge to dominate the next decade’s discussion around business IT. Below, we’ll discuss the current boom, what’s driving it, where it’s going,

Read more

9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, home automation using iot is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more

5 challenges still facing the Internet of Things

Posted on: June 3, 2020

The Internet of Things (IoT) has quickly become a huge part of how people live, communicate and do business. All around the world, web-enabled devices are turning our world into a more switched-on place to live.

Read more