With the level of concern regarding cybercrime continuing to rise, it has been expressed that many of the medical devices used in hospitals could be vulnerable. With technology evolving at an astonishing rate, there are now internet-connected devices capable of monitoring insulin and blood oxygen levels and even releasing drugs into a patient; however, poor security could leave these devices open to attack, allowing criminals to access far more than simple data.
Although experts have been quick to assure that no one has yet died as a result of hacking, the risks that this could occur are growing. There are various reasons for thefts, including fraudsters wanting to steal intellectual property from clinical trials or harvest a patient’s information. Some criminals might just want to cause chaos.
Speaking about the risks the medical sector could face, TrapX’s chief executive, Greg Enrique, said that passwords often remain unchanged from default settings in the healthcare industry. Mr Enriquez, whose cybersecurity firm works with hospitals all over the planet, said that outdated operating systems with limited safeguards are also often connected to medical databases.
Having conducted research into potential risks, Mr Enriquez said: “We have found active malware, different strains of malware, we even found [non-activated] ransomware on one medical device [which could give the hacked the ability to prevent the device from working when it is in use].”
Experts are taking note of the potential problems, particularly since PricewaterhouseCoopers (PwC) forecast a value of $285bn (£189bn) for the internet-connected healthcare products market by 2020. Earlier this year, the US Food and Drug Administration (FDA) issued its first warning that medical devices had the potential to be tampered with by hackers. It was strongly recommended that the Hospira Symbiq infusion pump was not used, for example. This device delivers pain medication to patients, and the company has removed it from the market until stronger safeguards can be implemented.
Wes Weinberg, one of the researchers at cybersecurity firm Synack, explained that hospitals are in a powerful position to force the changes they require. “To me, it is a sector very much like the critical infrastructure industry, with a few major manufacturers and a lot of devices. So really it is just now a waiting game [until some are hacked].”
For now, experts are forewarning companies about the threat and the chaos that could be caused through poorly-secured medical devices. With this market set to expand significantly in the coming years, it is expected that attacks will occur.
Montash is a multi-award winning global technology recruitment business. Specialising in permanent and contract positions across mid-senior appointments across a wide range of industry sectors and IT functions, including:
ERP Recruitment, BI & Data Recruitment, Information Security Recruitment, Enterprise Architecture & Strategy Recruitment , Energy Technology Recruitment, Demand IT and Business Engagement Recruitment, Digital and E-commerce Recruitment, Leadership Talent, Infrastructure and Service Delivery Recruitment, Project and Programme Delivery Recruitment.
Montash is headquartered in Old Street, London, in the heart of the technology hub. Montash has completed assignments in over 30 countries and has appointed technical professionals from board level to senior and mid management in permanent and contract roles.