Author(s):
- Khera, Mandeep
Abstract:
Ready or not, the Internet of things (IoT) is here. No longer just a buzz term, it’ll continue to grow at an unprecedented pace over the next few years expecting to reach over 25 billion connected devices by 2020. History shows us that most fast growth technology solutions focus on solving business problems first and security is an afterthought. Unfortunately, IoT is following the same trend. Most IoT devices, apps, and infrastructure were developed without security in mind and are likely going to become targets of hackers. According to some security experts, major cyberattacks against the IoT devices are looming. According to the FBI, criminals can gain access to unprotected devices used in home health care, such as those used to collect and transmit personal monitoring data or time-dispensed medicines. Once criminals have breached such devices, they gain access to any personal or medical information stored on the devices, as well as the power to change the coding that controls the dispense mechanism of medicines or health data collection. This can result in major health issues and potential loss of lives. Are organizations ready to protect themselves? What are the key vulnerable points? There are various steps that companies can take to raise the barrier. In this article, we’ll talk about the background, issues, potential attack vectors liable to be hacked, protection strategies, and more.
Document:
https://journals.sagepub.com/doi/full/10.1177/1932296816677576#_i9
References:
| 1. | Radcliffe, J . Hacking medical devices for fun and insulin: breaking the human SCADA system. Available at: https://media.blackhat.com/bh-us-11/Radcliffe/BH_US_11_Radcliffe_Hacking_Medical_Devices_WP.pdf. Accessed October 13, 2016. Google Scholar |
| 2. | Schwartz, M. Insulin pump hack controversy grows. August 26, 2011. Available at: http://www.darkreading.com/vulnerabilities-and-threats/insulin-pump-hack-controversy-grows/d/d-id/1099825. Accessed October 13, 2016. Google Scholar |
| 3. | US Government Accountability Office . Medical devices: FDA should expand its consideration of information security for certain types of devices. August 31, 2012. Available at: http://www.gao.gov/products/GAO-12-816. Accessed October 13, 2016. Google Scholar |
| 4. | US Food and Drug Administration . Cybersecurity for medical devices and hospital networks: FDA safety communication. June 13, 2013. Available at: http://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm356423.htm. Accessed October 13, 2016. Google Scholar |
| 5. | Hoskins, M. Diabetes device “hacker” joins forces with FDA. August 8, 2013. Available at: http://www.healthline.com/diabetesmine/diabetes-device-hacker-joins-forces-with-fda#2. Accessed October 13, 2016. Google Scholar |
| 6. | Kirk, J. Pacemaker hack can deliver deadly 830-volt jolt. October 17, 2012. Available at: http://www.computerworld.com/article/2492453/malware-vulnerabilities/pacemaker-hack-can-deliver-deadly-830-volt-jolt.html. Accessed October 13, 2016. Google Scholar |
| 7. | Zetter, K. Hacker can send fatal dose to hospital drug pumps. June 8, 2015. Available at: https://www.wired.com/2015/06/hackers-can-send-fatal-doses-hospital-drug-pumps/. Accessed October 13, 2016. Google Scholar |
| 8. | US Food and Drug Administration . Infusion pump software safety research at FDA. April 8, 2016. Available at: http://www.fda.gov/MedicalDevices/ProductsandMedicalProcedures/GeneralHospitalDevicesandSupplies/InfusionPumps/ucm202511.htm. Accessed October 13, 2016. Google Scholar |
| 9. | Muddy Waters Research . MW is Short St. Jude Medical (STJ:US). August 25, 2016. Available at: http://d.muddywatersresearch.com/wp-content/uploads/2016/08/MW_STJ_08252016_2.pdf. Accessed October 13, 2016. Google Scholar |
| 10. | Hanna, S, Rolles, R, Molina-Markham, A. Take two software updates and see me in the morning: the case for software security evaluations of medical devices. August 9, 2011. Available at: https://spqr.eecs.umich.edu/papers/hanna-aed-healthsec11.pdf. Accessed October 13, 2016. Google Scholar |
| 11. | The Industrial Control Systems Cyber Emergency Response Team . Alert (ICS-ALERT-13-164-01): Medical devices hard-coded passwords. October 29, 2013. Available at: https://ics-cert.us-cert.gov/alerts/ICS-ALERT-13-164-01. Accessed October 13, 2016. Google Scholar |
| 12. | Zetter, K. It’s insanely easy to hack hospital equipment. April 25, 2014. Available at: https://www.wired.com/2014/04/hospital-equipment-vulnerable/. Accessed October 13, 2016. Google Scholar |
| 13. | Halperin, T, Heydt-Benjamin, B, Ransford, S. Pacemakers and implantable cardiac defibrillators: software radio attacks and zero-power defenses. May 2008. Available at: http://www.secure-medicine.org/public/publications/icd-study.pdf. Accessed October 13, 2016. Google Scholar |
| 14. | Bastani, F, Tang, T. Improving security of wireless communication in medical devices. December 17, 2014. Available at: https://groups.csail.mit.edu/mac/classes/6.805/student-papers/fall14-papers/Wireless_Medical_Devices.pdf. Accessed October 13, 2016. Google Scholar |
| 15. | Mace, S. For real: medical devices vulnerable to hacking. March 6, 2015. Available at: http://www.medpagetoday.com/practicemanagement/informationtechnology/56566. Accessed October 13, 2016. Google Scholar |
| 16. | Pauli, D. Thousands of “directly hackable” hospital devices exposed online. September 29, 2015. Available at: http://www.theregister.co.uk/2015/09/29/thousands_of_directly_hackable_hospital_devices_found_exposed/. Accessed October 13, 2016. Google Scholar |
| 17. | Storm, D. MEDJACK: Hackers hijacking medical devices to create backdoors in hospital networks. June 8, 2015. Available at: http://www.computerworld.com/article/2932371/cybercrime-hacking/medjack-hackers-hijacking-medical-devices-to-create-backdoors-in-hospital-networks.html. Accessed October 13, 2016. Google Scholar |