While many staff appear to be aware of phishing and respond appropriately, ongoing education is required — particularly about the risk of leaking information of potential use to attackers through social media, the BMJ advised.
6. Smart devices
Wearable and implantable smart medical devices are a proven cybersecurity risk. These technologies certainly offer better analysis, assisting diagnosis of medical conditions while aiding independent living, but mistakes made in securing such medtech have exposed vulnerable users to potential attack.
A seminal moment was the late Barnaby Jack’s hacking of an insulin pump in 2011. This attack over Bluetooth had a maximum range of approximately 300 meters.
Since then, security researchers at Pen Test Partners have found “closed loop” insulin trial data on the public internet.
“In one case, we could have modified the readings taken by the body-worn continuous glucose monitor and automatically, remotely administered a fatal dose of insulin to around 3,000 users in the trial,” Ken Munro, managing director of Pen Test Partners, tells CSO. “Fortunately, the vendor involved responded very quickly to our report and had the system secured the same day.”
Other connected medtech devices Pen Test Partners have found security issues with include cranial stimulators, dosing pumps, and medical robots, among many others. Fortunately, the smart devices threat has been recognised and regulators are starting to take action.
For example, the US Food & Drug Administration (FDA) introduced FD&C 524b last year to drive cybersecurity in connected medical devices.