Why is Security Testing Important for Medical Devices?
Security testing for networked medical devices should be one of the top priorities, to ensure safety and privacy. Medical devices, fully self-sufficient appliances, aim to revolutionize the healthcare industry. They educate and empower patients to keep a check on their health, help doctors and patients detect disease, assist in medical processes, let patients control and manage their health, and make personal fitness more exciting.
Medical Device Categories
Personal health monitors that track heart rate and physical activity are becoming more popular, as are portable devices such as insulin pumps.
More implanted devices, such as pacemakers, are being developed.
This category includes MRI scans and other systems at the hospital location. Healthcare information systems, on the other hand, are designed to comprehend, store, manage and communicate information related to patient health or the activities of healthcare service providers, and to assist them in the delivery of healthcare services.
To comply with various federal stipulations and regulations and to ensure seamless, automated healthcare service delivery, it is imperative that any medical device not only functions as intended by its manufacturer, but also stays secured against system malfunctions. These are largely driven by system design failure or by forced manipulation by malicious actors through a “man in the middle” attack, especially during interconnect phases.
Cybersecurity for Medical Clinics
A state-of-the-art clinic is a complex system. It consists of sophisticated medical equipment that operates through fully functional computers with an operating system and the required applications installed on them. Connecting medical devices to EHR systems has considerably brought down the time it takes to keep a check on vital patient data.
Not only do physicians depend on digital information stored in the computers, but most healthcare technologies are also connected to the Internet. From monitors, infusion pumps and CT scanners to ventilators, each device contains critical patient information and is prone to cyberattacks, and the FDA has required them to have minimal security risks.
Networked Medical Devices Security
A typical hospital network consists of VLANs (virtual network segments) based on their type, function or profile. These segments are set up to plug onto the LAN of the hospital network, either directly or via tunneling. Most modern hospitals use Computerized Maintenance Management Systems (CMMS) to manage their medical device inventory.
Many of these systems are connected to the network and allow communication with the medical devices for maintenance purposes. Often these systems are complemented or integrated with Real-Time Location Systems (RTLS) to support locating and managing devices. Other sections of the network, such as the Clinical, Business and Administrative sections, also feed onto the same LAN. This data is crucial to hospitals, and a security testing tool should be used to prevent cyberattacks.
What Information Is Stored on Medical Devices?
Clinical and Business Data
Networked medical devices are linked with other IT modules in the hospital, like the EHR and the HIS (Hospital Information System), including its data.
From an enterprise IT angle, medical devices and their allied components should be accessible to and managed by Enterprise IT functions, be it a Configuration Management Database (CMDB) or a single sign-on (SSO) system. If cybercriminals are able to access administrative links through non-administrative portals such as a user interface, this in turn might result in compromising the safety of a device.
In case of wireless technology, RTLS is employed to instantly look for usable equipment for treatments. Advanced monitors can keep a check on patient movements and warn staff as soon as there is an issue.
One of the most important components of this network is the security module which plugs onto both the LAN setup as well as WAN setup. These VLAN configurations provide an additional degree of protection from network-based attacks and most importantly, should an attack occur, they help to contain an outbreak. Security testing for these network medical devices is imperative.
What Security Threats Exist in the Medical Device Technology?
Imagine you are recuperating from a surgery. A few wireless body sensors that help you remain mobile on the hospital bed or around the room with ease are fitted on you. Once the initial recovery stage is over, you are allowed to return home early, provided you carry the body sensors with you.
At home, your physician remotely keeps a check on your vital statistics transmitted through a wireless hub connected to your residential network. Due to advancements in connectivity and accessibility to networked medical devices, such a development is likely to become the regular norm for post-operative care.
Wireless technologies are significantly improving the quality of healthcare by offering exceptional mobility to patients while providing healthcare professionals an easy and real-time access to patient data. Most medical devices attached to hospital networks are remotely accessible from other points on the network, or even the public Internet.
A hacker may get unauthorized access to the hospital network because of weak access control measures, resulting in compromised confidentiality. This is where security testing for networked medical devices is incredibly important. The general ways in which a hacker gains a foothold can broadly be placed under one of the following:
- Where the hacker has physical access to the networked device in the hospital
- Where a deliberate attempt to hack the system is taken by an insider who attacks the network, which may be remote or local
- When an insider unintentionally inserts an infected USB stick or any other malware-affected device
According to guidelines from the FDA, manufacturers must try to limit unauthorized access to medical devices and implement policies and practices for adequate data security. They must limit network access to trusted users only and must maintain a device’s critical functionality. Apart from restricting unauthorized access to the network and networked medical devices, health care centers must ensure the use of antivirus software and firewalls, and should conduct periodic evaluations to keep track of individual network components.
Real Life Example
A year ago, researchers at the University of Washington conducted an experiment on tele-surgery, where a surgeon in one location controlled a robot in another location and let the robot perform a surgery on the patient. The results of this experiment highlighted that, using the publicly available Interoperable Telesurgery Protocol, hackers can easily interrupt the commands sent by the surgeon to the robot by deleting or changing them, modify the intention of signals from the operator to the robotic arm by changing the robotic arm movements, and take complete control over the robot and therefore the surgery procedure.
This shows how, in an endeavor to improve the interoperability of healthcare networks and devices, medical device security becomes a secondary priority for most manufacturers, whereas technological innovation holds maximum importance. As a result, patient care gets compromised, as medical devices connected to the Internet pose substantial risks of being hacked by unauthorized users. In fact, according to a recent report from SANS Institute, 94% of health care centers have faced the perils of a cyber attack.
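Deleted or changed commands of the kind described in the tele-surgery experiment are what per-message authentication with sequence numbers is meant to detect. The Python below is an added example, not code from the researchers or from the Interoperable Telesurgery Protocol; the frame layout, key and command strings are constructed for illustration.

```python
import hashlib
import hmac
import struct
from typing import Optional, Tuple

KEY = b"constructed-demo-key"  # assumption: session key shared by console and robot
TAG_LEN = 32                   # size of an HMAC-SHA256 tag


def seal(seq: int, command: bytes, key: bytes = KEY) -> bytes:
    """Frame = 8-byte sequence number | command | HMAC-SHA256 over both."""
    body = struct.pack(">Q", seq) + command
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    """Robot side: accept only authentic frames, in strict sequence order."""

    def __init__(self, key: bytes = KEY) -> None:
        self.key = key
        self.expected_seq = 0

    def accept(self, frame: bytes) -> Tuple[str, Optional[bytes]]:
        if len(frame) < 8 + TAG_LEN:
            return "malformed", None
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected_tag = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected_tag):
            return "tampered", None          # a changed command fails here
        (seq,) = struct.unpack(">Q", body[:8])
        if seq < self.expected_seq:
            return "replayed", None          # old frame sent again
        if seq > self.expected_seq:
            return "gap", None               # an earlier command never arrived
        self.expected_seq += 1
        return "ok", body[8:]


def demo() -> list:
    """Run constructed commands through the receiver with tampering applied."""
    rx = Receiver()
    frames = [seal(i, c) for i, c in enumerate([b"MOVE x=+1", b"MOVE y=-2", b"GRIP close"])]
    changed = bytearray(frames[1])
    changed[10] ^= 0x01                      # flip one bit inside the command
    sequence = [frames[0], bytes(changed), frames[2], frames[1], frames[0]]
    return [rx.accept(f)[0] for f in sequence]


if __name__ == "__main__":
    print(demo())
```

A receiver that reports "tampered" or "gap" should move the device to a safe state rather than continue acting on later commands.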
Cybersecurity Testing for Medical Devices on the Cloud
Of late, a number of medical device manufacturers are migrating their data processing activities to the cloud, thereby unknowingly adding another security threat vector. Manufacturers are also often indifferent to ensuring adequate security testing on networked medical devices, primarily because of a conflict of interest. They work with a profit objective in mind and compromise on the security of medical devices.
COTS Cybersecurity and Testing Importance
Manufacturers are progressively using Commercial off-the-shelf Software (COTS). As systems become more multifaceted and feature-rich, COTS becomes a preferred design choice for a number of software architects. However, the major shortcoming of this approach is that the device automatically inherits the vulnerabilities of the COTS components. Additionally, manufacturers use chipsets, applications and code libraries that are outdated and inexpensive so that they are able to maintain a higher profit margin. As such, these introduce an increased number of vulnerabilities and are incompatible with modern-day gadgets.
Any commercial software application makes a device vulnerable to malware or attack vectors, and it is of key importance that manufacturers strengthen the device using security best practices, such as disabling unnecessary ports or components of the commercial software that are not in use and including the component in the device’s security notification and patching process.
Vulnerabilities in Medical Devices
Vulnerabilities in networked medical devices may include, but are not restricted to, device flaws in terms of hardware, software or technical security controls and physical security controls. Some of the most common vulnerabilities present in wired and wireless networked medical devices include the following:
Use of Open Communication Networks
Open communication networks are easy targets for hackers to seize or hijack signals being sent to a device, which results in unauthorized access to the digital assets of the medical device. Wrongly configured networks or poor security practices allow easy access to hackers.
This results in disruption of the regular working of a networked medical device, or stops the device from working completely. This is also known as radio frequency interference.
Embedded Web Services
Embedded web services with illegal and unencrypted communication have the capability to affect devices remotely from anywhere in the world, and let attackers take over the device.
Defective software leads to higher probabilities of exploiting an existing bug in the system, due to the system not operating as intended. The company is liable for the results of these vulnerabilities.
Lack of Security Features
Lack of security features for medical devices can result in life-threatening patient safety issues. (Often security features are added after the design stage or even during implementation, which disrupts clinical workflow, and they are implemented poorly.)
This permits unauthorized access to or interference with other devices or, worse, the disposal of patient information, including test results or health records. A common cause of this is failure to observe security details related to passwords for software made to access privileged medical devices. Often employee negligence results in the use of weak passwords, unchanged default passwords, or passwords left unattended. There are also instances of uncontrolled distribution of passwords, disabled passwords and hard-coded passwords for software installed for privileged device access.
Other Causes of Medical Device Vulnerabilities
Other causes include the use of obsolete operating systems, which might have unpatched vulnerabilities, on Internet-connected medical devices, including radioactive medical equipment, and gaps which can be exploited through reverse engineering based on device information available in public forums such as certification agencies, device manuals and patent databases.
Dynamic Fuzzing Medical Devices Is the Solution
Addressing threats to networked medical devices through security testing and preventing information security risks is a big challenge. Since it is practically impossible to eliminate cyber security threats completely, manufacturers and healthcare centers must put in efforts to minimize them. It is very important to maintain a proper balance between safeguarding patient information and supporting the use of innovative technologies for enhanced device performance.
Why Hospitals and Medical Clinics Should Care
Currently, in most cases, under premeditated cyberattacks, health care centers face complete breakdown in regular operations as they lack the ability to detect such an attack. IT, risk and compliance staff in hospitals and clinics should anticipate future medical device security risks and address them along with the existing risks to provide patient safety and protected health information.
Moreover, it is extremely important that manufacturers and companies dealing with medical devices begin to implement security strategies right from the inception of a device up to its commercialization.
How to Improve Data Security in Healthcare
Limiting Access to Networked Medical Devices
Limit access to specific user groups and implement layered network protections, including endpoint and network activity monitoring, firewall and antivirus software.
This approach includes isolating medical devices that do not meet security standards, sampling devices randomly to gauge compliance, and constantly monitoring and taking appropriate measures to maintain device security. Some recommended security standards to address the risks intrinsic to networked medical devices include the following:
- Medical device manufacturers must emphasize device security at the initial stage, rather than as an afterthought, to avoid unnecessary costs and the last-minute shortcuts that developers take to push in some form of security factor.
- Use strong passwords to protect all external connection points.
- Develop on-time patch management, update IT security policies and vulnerability assessments.
- Increase awareness among all stakeholders including physicians, Chief Medical Information Officers (CMIOs) and clinical engineering teams about current and potential medical device vulnerabilities.
- Take a backup of critical information at regular intervals and keep a copy of it offline.
- QA testing for networked hardware and web applications
Medical Device Cybersecurity Solution
BeSTORM is an exhaustive fuzzer. A powerful black box auditing tool, it is designed to find security weaknesses in protocol implementations and uses formal RFC definitions to create an attack language, which in turn is used to identify vulnerabilities in the tested application. It supports testing for predetermined test cases and tries to exploit the more likely vulnerabilities before continuing with the full test. Its main objective is to allow for the most complete testing, covering as much of the protocol space as possible. With beSTORM, it is also possible to write custom modules for proprietary protocols using XML. It can be a great tool to use for security testing on networked medical devices, keeping these devices safe for patients and adhering to privacy standards to protect that information.
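To illustrate the general idea of testing a protocol implementation with predetermined, likely-to-fail cases first and broader coverage afterwards, here is a small in-process fuzzing harness in Python. It is an added example, not beSTORM code or its module format; the message layout, the toy parser and its defect are constructed for the demonstration.

```python
import random


def parse_reading(msg: bytes) -> dict:
    """Constructed toy parser: type(1) | length(1) | payload | checksum(1)."""
    if len(msg) < 3:
        raise ValueError("short message")
    mtype, length = msg[0], msg[1]
    payload = msg[2:2 + length]
    checksum = msg[2 + length]       # defect: the length field is trusted
    if checksum != sum(payload) % 256:
        raise ValueError("bad checksum")
    return {"type": mtype, "payload": payload}


def build(mtype: int, length: int, payload: bytes) -> bytes:
    """Serialise a message whose length field may disagree with the payload."""
    return bytes([mtype, length]) + payload + bytes([sum(payload[:length]) % 256])


BOUNDARY_LENGTHS = [0, 1, 0x7F, 0x80, 0xFF]


def cases(seed: int = 1, random_cases: int = 200):
    payload = b"\x10\x20\x30\x40"
    for length in BOUNDARY_LENGTHS:            # predetermined, likely-to-fail cases first
        yield build(1, length, payload)
    rng = random.Random(seed)
    for _ in range(random_cases):              # then broader coverage of the field space
        body = bytes(rng.randrange(256) for _ in range(rng.randrange(8)))
        yield build(rng.randrange(256), rng.randrange(256), body)


def fuzz() -> list:
    """Return (exception name, hex message) for every unhandled parser fault."""
    findings = []
    for msg in cases():
        try:
            parse_reading(msg)
        except ValueError:
            pass                               # clean rejection is the expected outcome
        except Exception as exc:               # anything else is a robustness defect
            findings.append((type(exc).__name__, msg.hex()))
    return findings


if __name__ == "__main__":
    for name, sample in fuzz()[:5]:
        print(name, sample)
```

Each finding is a message the parser failed to reject cleanly; the fix here is to validate the length field against the bytes actually received before indexing.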