Read Glisson, W., Andel, T., McDonald, T., Jacobs, M., Campbell, M. & Mayr, J. (2015) Compromising a Medical Mannequin. Healthcare Information Systems and Technology (Sighealth).
Answer the following discussion questions:
Technology is changing at a tremendous speed all the healthcare industry. It is undeniable that new technologies bring all the improvements along with their risks and weaknesses. The integration of technology into the medical environment brings a new genre of potential risks exposure that may lead to a life-threatening for the patient if not dealt with seriously.
A group of undergraduate computer science students undertook experimentation revealing possible vulnerabilities and threats on a medical training simulation mannequin called Istan. The Istan simulates respiratory, neurological and cardiovascular systems (CAE Healthcare). This device is connected to a controlling computer using a network communication environment.
The students succeeded to demonstrate the easiness to launch a brute force attack which can lead to a private data breach and a denial of service. After getting the useful private information, they could initiate a DOS attack which disrupted the connexion between the controlling computer system and the mannequin itself. A connexion error message appeared on the user interface.
One of the trickiest challenges the healthcare security leaders face is cyber-protecting connected medical devices. Unprotected medical devices lead to more occurrences of data breaches and increase the risk to patient safety (Bell, 2019). To mitigate as many threats and vulnerabilities as possible, it is important to:
Hi David,
I agree with you regarding your suggestions relating to security around medical devices, however, I disagree that we should be minimizing the use of connected devices. I think we are at a point in time whereby connected devices are essential to innovation and treatment in the medical field.
Implantable medical devices have increased by 300-500% in 2018 alone (Yaqoob, Abbas and Atiquzzaman, 2019). The usability of these devices, have proven to be critical in illness management, such as:These devices, when connected, allow medical professionals to monitor and administer treatment for their patients in real time, as opposed to only when the patient presents for follow up treatment. In addition, it allows for management modification as an when needed. It also provides invaluable data on the management of patients, and more insight into the illness processes which improves patient care for many other patients in the long term(Joung, 2013).
- Automatic Insulin administration in diabetics
- Implantable pacemakers or defibrillators
A significant issue is that most medical device companies rely on proprietary technology as opposed to open source systems, and as such security progress is hampered (Ransford et al., 2014).
As such, I believe that instead of limiting device connectivity, we should be focusing on methods to improve security features so that these devices are immune from attack, or at the very least, mitigate against potential threats. This would only be possible by continuous monitoring and improvements in design and security advancements.
Joung, Y. H. (2013) ‘Development of implantable medical devices: From an engineering perspective’, International Neurourology Journal, 17(3), pp. 98–106. doi: 10.5213/inj.2013.17.3.98.
Ransford, B. et al. (2014) ‘Design challenges for secure implantable medical devices’, Security and Privacy for Implantable Medical Devices. IEEE, 9781461416746, pp. 157–173. doi: 10.1007/978-1-4614-1674-6_7.
Yaqoob, T., Abbas, H. and Atiquzzaman, M. (2019) ‘Security Vulnerabilities, Attacks, Countermeasures, and Regulations of Networked Medical Devices—A Review’, IEEE Communications Surveys Tutorials, 21(4), pp. 3723–3768. doi: 10.1109/COMST.2019.2914094.
Thank you Uzayr for your answer.
I do understand your point of view. I did mention the idea of minimising the use of connected devices as little as possible. What I meant is that I wanted to emphasise the simple fact that more devices are connected, more risks we have to be hacked.
The world is moving at a fast pace towards a more connected world, and that is a truth for all industries. I agree with you that connected devices are essential to innovation. According to Vinita Malik & Sukhdip Singh (2019), the problem is that many companies still underestimate the need of investing enough resources to protect all connected devices from attackers.
According to Robert Bell (2019), companies need to build a database of all the connected devices with their IP address, device type, the department where it is located, the device brand and model, its OS version, its application software version and its latest security patch. The more information you can get on each device, the better it will be to determine any possible vulnerabilities at a later stage.
"Mapping the clinical workflow ecosystem will let you avoid interference with critical dataflows and will make it possible to recognise suspicious anomalies in clinical workflows." (Bell, 2019)
As you mentioned, we should focus more on methods to improve security on all connected devices instead of limiting their number. I completely agree with you only if companies finally recognise that having many connected devices require and a strong and well-established security layer and a bigger budget for better security purposes.
Bell, R. (2019). How to mitigate risks associated with connected medical devices. [online] healthcarefacilitiestoday. Available at: https://www.healthcarefacilitiestoday.com/posts/How-to-mitigate-risks-associated-with-connected-medical-devices--20578 [Accessed 28 Aug. 2021].
Vinita Malik & Sukhdip Singh (2019) Security risk management in IoT environment, Journal of Discrete Mathematical Sciences and Cryptography, 22:4, 697-709, DOI: 10.1080/09720529.2019.1642628 [Accessed 23 Aug. 2021].