A Prescription For Security:
Mitigating Cybersecurity Threats In Medical Device Software
It is important to note that ransomware attacks are not limited to standard IT systems. In fact, medical devices often present an enticing entry point for attackers due to the inherent difficulty in updating firmware on these devices. Consequently, medical devices can serve as a link within a complex chain of attack, allowing attackers to exploit compromised devices to infiltrate a hospital’s IT network or use an array of devices to extract private health data.
Furthermore, medical devices themselves can become direct targets for attacks aimed at gaining control over the device. This is particularly concerning when devices are equipped with home or personal connectivity features – such as those used for self-monitoring progress, reporting results to a doctor, or facilitating aspects of a patient’s healthcare delivery. Such features can expose devices to additional proximity attacks through Bluetooth, WiFi, and other wireless protocols. In fact, in 2020, Health Canada identified a vulnerability in medical devices using BLE chips from various silicon vendors, including pacemakers, insulin pumps, blood glucose monitors, and ultrasound systems.