A new cybersecurity center wants to protect medical devices against hacks

It’s been around 10 years since security researcher Jay Radcliffe got up onstage at a conference and demonstrated that he was able to hack into his own insulin pump. If he’d wanted, he could have used the pump to deliver a lethal dose of the drug into his system. Instead, he demanded that medical companies take the security threat seriously.

© Photo Illustration by Matt Harbicht/Getty Images for Tandem Diabetes Care

That presentation and others like it were wake-up calls about the potential danger of connecting vulnerable medical devices to the internet, says Mike Johnson, a securities technologies expert at the University of Minnesota’s Technological Leadership Institute.

In the decade since, there’s been an explosion in the number of connected medical devices — drug infusion pumps, pacemakers, monitors — that makes the issue even more pressing. There is an average of 10 to 15 internet-connected devices on each hospital bed, security researchers estimate. “It’s just a matter of time,” Johnson says. “There are more devices and more exposure.”

That exposure is one reason the University of Minnesota set up a new Center for Medical Device Cybersecurity, which launched at the beginning of September in partnership with medical device companies like Medtronic (which made Radcliffe’s pump) and Boston Scientific. The center will function as a hub to help groups that touch medical devices at every stage in their lifecycle, from their development to their use at a patient’s bedside, understand and manage the cybersecurity risks.

“We want to bring all of these participants into the process and hopefully give them tools,” says Johnson, who’s involved with the center.

The Verge talked with Johnson about the center’s goals and the cybersecurity risks around medical devices.

This interview has been lightly edited for clarity.

Why is it important to focus on the security of medical devices?

Medical device security has been on the radar of security risk managers for a decade or more. Suddenly, there’s been an explosion in the healthcare arena around connected devices. The numbers today are 10 to 15 devices connected per hospital bed, and that’s a combination of bedside devices and potentially wearable or implanted devices as well. The more things we add to a network, the more chances it can be impacted.

There hasn’t been a really high profile case of a patient being killed or seriously harmed, but it’s just a matter of time.

There hasn’t been a really high-profile case of a patient being killed or seriously harmed, but it’s just a matter of time. We know the criminal element changes. They’re mostly driven by money, but there are other people driven by making a splash, like a terrorist group wanting to kill someone over the internet.

As the risk increases, security professionals and device manufacturers and others are saying, ‘Well, we really need to stay ahead of this.’ Healthcare is not waiting for the massive accident.

Ransomware attacks on hospitals have been a significant and escalating issue for healthcare in the United States. Does that impact medical devices, as well?

The most imminent threat is probably from ransomware. We’ve seen it over and over, and we see it potentially impact patient safety. So you might think, “What does a medical device have to do with ransomware?” But it’s part of the overall ecosystem. An attacker may not take over a device, but if the device is reliant on a single point of connectivity, and ransomware takes over the command server for the devices, all the devices could stop working.

We want to understand the device’s security itself, but we also want to understand where the device sits in the ecosystem — what factors are important for it to function? What could happen to it?

Medical device companies make the products that can get hacked, but doctors and hospitals use them — and those groups often don’t have the same cybersecurity resources or expertise. How are they involved in these conversations?

Providers are exposed to a lot of risks, and medical devices are just one of them. A medical device is connected to the network, and so are heating, ventilation and air conditioning. They both have equally important risk issues that need to be addressed.

When I visualize the spectrum, if you have a device manufacturer on the left, they’re about the nuts and bolts of this piece of equipment. On the right, you have a system like a hospital that has a cybersecurity risk and has something to protect. In the lifecycle of a device, it starts with the manufacturer, and if they do a good job, that’s great — but when they send it out, the security could be reduced because of how it’s deployed at a hospital or health center. That increases the risk.

They’re an important part of the system and hopefully a part of the center. There’s a very large health system in Minnesota that we’ve been talking to as we work to expand.

Hospitals aren’t the only places with internet-connected medical devices — pacemakers are implanted in people’s bodies, smartwatches can diagnose heart problems, and people take their blood pressure through app-connected cuffs at home. Can we protect those, too?

The home network can be a scary place for anything important. There aren’t the same resources, and there are all kinds of things that can go wrong. But you have to look at everything in terms of risk and impact. If, say, a blood pressure monitor gets hacked, the results could be manipulated. Still, patients with high blood pressure go to the doctor regularly enough, so they’d be able to double-check those numbers — and maybe it wouldn’t be too dangerous. On the other hand, something like a pacemaker is physically inside the patient. Messing with that would be a different story.

The home network can be a scary place for anything important.

If manufacturers know this is going to end up inside someone or in someone’s home, they’d do a risk and threat assessment to understand what could happen and how big a deal it would be. Then, they’d design the security controls with that in mind. We would hope that a manufacturer would design it so even in a poorly secured network, you could have a secure connection.

What’s the first step for the center in helping to improve this ecosystem?

We’re really focusing at the beginning here on generating interest, bringing people into the consortium, and providing training opportunities. We have a hackathon coming up that the center is involved in, and we’re starting on our inaugural introductory training course in device cybersecurity. We’re targeting everyone from big players like [medical device company] Abbott to smaller groups. Medical device cybersecurity is pretty specialized. So this is designed for an engineer, or somebody else in the product development cycle, who wants to understand why security is important and how to improve it.

It’s been around a decade since this emerged as a major issue. How far is there left to go to ensure the whole ecosystem around medical devices is protected?

Security isn’t a fixed end state. There’s not going to be an end state. It’s always a process to improve where improvement is needed and protect things that are most critical to protect. We want to prioritize the changes that can make the most difference and raise the bar over time.

Internet Explorer Channel Network
News Related

OTHER NEWS

COVID-19 inquiry ordered into Sydney jail

An independent inquiry has been ordered into allegations that COVID-negative prisoners were forced to bunk with positive cellmates in a privately run Sydney prison. © Dan Himbrechts/AAP PHOTOS Its been ... Read more »

‘You are a monument': EU leaders hail Angela Merkel at ‘final' summit

After nearly 16 years and 107 EU summits, Angela Merkel, the outgoing chancellor of Germany, might have expected more from her fellow leaders than a glass paperweight and praise for ... Read more »

Hawkish calls for Brazil October rates meeting grow on fiscal worries - Reuters poll

By Gabriel Burin © Reuters/Ueslei Marcelino FILE PHOTO: Brazil’s Central Bank president, Roberto Campos Neto, speaks during a ceremony the Planalto Palace in Brasilia BUENOS AIRES (Reuters) – Brazil’s benchmark ... Read more »

Elephant tramples poacher to death in Kruger National Park

© Provided by Daily Mail MailOnline logo An elephant has trampled a suspected poacher to death in South Africa‘s famed Kruger National Park, a spokesman said Friday. The mangled body ... Read more »

Warning for sudden, severe storms in NSW

People in NSW are expected to get out and enjoy the forecast warm weather on Saturday, but the Bureau of Meteorology has warned severe thunderstorms will develop quickly in the ... Read more »

WA police seek CCTV footage in Cleo search

Surveillance footage from motels and children’s clothing stores is being sought by West Australian police investigating the disappearance of four-year-old Cleo Smith. © PR HANDOUT IMAGE PHOTO WA Police are ... Read more »

Five police officers face hearings over messages about Sarah Everard case

Five police officers from four forces will face disciplinary procedures after separate investigations by a watchdog into social media messages related to Wayne Couzens, the killer of Sarah Everard. © ... Read more »

'China's technology dominance could give it decisive military edge'

© Provided by Daily Mail MailOnline logo Intelligence officials on Friday issued new warnings about China’s ambitions, saying it was collecting genetic data from around the world as part of ... Read more »

12 of the best things to buy from the new Netflix store at Walmart

— Recommendations are independently chosen by Reviewed’s editors. Purchases you make through our links may earn us a commission. If you’re someone who spends most of their free time perusing—or ... Read more »

Milla poses with daughter Ever, 13, at book party

© Provided by Daily Mail MailOnline logo Milla Jovovich posed up with her daughter Ever Anderson at a star-studded Los Angeles event on Thursday. The 45-year-old action star brought her ... Read more »

Stephen Baldwin Asks for ‘Prayers' After Brother Alec's Prop Gun Misfire

© Shutterstock (2) Mandatory Credit: Photo by Andy Kropa/Invision/AP/Shutterstock (9594109bd) Stephen Baldwin attends the world premiere screening of National Geographic’s “America Inside Out With Katie Couric” at the Museum of ... Read more »

Razer Wolverine V2 review: Razer's Xbox controller almost feels illegal

© Windows Central Razer Wolverine V2 Review 2021 Building a better mousetrap. Razer’s Wolverine controller for Xbox proved itself to be a capable alternative to the Xbox Elite Controller and ... Read more »

Zara Tindall attends the opening meeting of Cheltenham racecourse

© Provided by Daily Mail MailOnline logo Zara Tindall cut an elegant figure in a purple checked coat as she attended the opening meeting of Cheltenham racecourse earlier today. The ... Read more »

Brazil to bring out best in Matildas

The Matildas return to Australia hoping the arrival of a familiar foe in Brazil will be the catalyst to a more positive period under Tony Gustavsson. © PR HANDOUT IMAGE ... Read more »

NHS waiting list may not be cleared until 2030 without ‘deeper and faster' reforms, Tony Blair Institute warn

The NHS waiting list backlog caused by the pandemic may not be cleared until the end of this decade unless the government carries out “deeper and faster” reforms than it ... Read more »

Trump's social network has 30 days to stop breaking the rules of its software license

The Software Freedom Conservancy (SFC) says former President Donald Trump’s new social network violated a free and open-source software licensing agreement by ripping off decentralized social network Mastodon. The Trump ... Read more »

Best Buy's early Black Friday sale ends today: here are the 10 best deals

Black Friday deals are dropping earlier than ever, and so far, they don’t disappoint. Best Buy’s early Black Friday sale launched earlier this week with record-low prices on 4K TVs, ... Read more »

UK National Grid has plans to build an 'energy island' in the North Sea

The National Grid has announced it has begun talks with two firms about the creation of what it’s calling an ‘energy island’ off the coast of the UK in the ... Read more »

Gigabyte hit by ransomware once again

© Provided by TechRadar ID theft Taiwanese hardware manufacturer Gigabyte has supposedly fallen prey to yet another ransomware attack. If true, it would be the second time the companye has ... Read more »

The best early Black Friday laptop deals are at Dell - see our top picks

It may still be October but we’re already starting to see some killer laptop deals that would rival anything over Black Friday. If you’re after a brand new machine in ... Read more »

MacBook Air 2022 could get Mini-LED screen – and no controversial notch

© Provided by TechRadar MacBook Air 2020 shown half-closed Apple’s next MacBook Air might come equipped with a Mini-LED screen like the new MacBook Pros – maybe minus the notch ... Read more »

Google launches bug bounty program for Android Enterprise

Google has announced the first vulnerability rewards program for its Android Enterprise initiative with bounties going up to $250,000, as part of its effort to further secure the platform. © ... Read more »

EU leaders give Angela Merkel a standing ovation at her last summit

© Provided by Daily Mail MailOnline logo European leaders heaped praise on German Chancellor Angela Merkel on Friday as she participated in her last EU summit after a 16-year reign ... Read more »

ASUS TUF 24.5 gaming monitor down to just $230, but you'll have to act fast

The ASUS TUf 24.5 gaming monitor is even more affordable for a limited time. Black Friday isn’t for another month, but Best Buy already has some of the best deals ... Read more »

Alec Baldwin fired prop gun that killed crew member on movie set - authorities

By Adria Malcolm and Alexandra Ulmer © Reuters/ADRIA MALCOLM Alec Baldwin fires prop gun on movie set, killing cinematographer SANTA FE, N.M. (Reuters) – Hollywood star Alec Baldwin fatally shot ... Read more »

Rita Ora dons a tracksuit during dinner with boyfriend Taika Waititi

© Provided by Daily Mail MailOnline logo Rita Ora looked nothing short of sensational as she exited a swanky LA bistro with her boyfriend Taika Waititi, 46, on Friday. For ... Read more »

Here's how to deal with those badly written equations you find online

Spend enough time on social media and it’s likely that you’ll see what I’ve started to call a Bad Math Scam. This is where an account, looking to juice their ... Read more »

Health chiefs bump up threat of more transmissible Delta off-shoot

© Provided by Daily Mail MailOnline logo Health chiefs today bumped up the threat from the even more transmissible Delta off-shoot amid fears it may have already infected 150,000 Britons. ... Read more »

Lebanese president sends electoral law amendments back to parliament

(Reuters) – Lebanese President Michel Aoun on Friday sent a law amending legislative election rules back to parliament for reconsideration, the presidency said in a statement. © Reuters/DALATI NOHRA Lebanon’s ... Read more »

The new Instagram features you will soon be using

© Courtesy of Instagram Instagram is launching new features. Instagram is giving its users some new goodies to play with. The social network has just unveiled five new tools that ... Read more »

Swedish rapper Einar shot dead in suspected gang-related attack

One of Sweden’s most popular rappers has been shot and killed in Stockholm, further fuelling public anger over a deadly wave of gang-related violence that has hit the country in ... Read more »

Rate of coal and gas power decline NEVER been achieved before

© Provided by Daily Mail MailOnline logo Keeping global temperatures from rising by more than 2.7°F (1.5°C) will require a cut in coal and gas power production, at a level ... Read more »

Hospitalized Covid patients 3x as likely to suffer cognitive issue

© Provided by Daily Mail MailOnline logo Hospitalized COVID-19 patients are more likely to suffer from cognitive issues months after recovery than patients who didn’t require medical care, a new ... Read more »

Only a fraction of operators have reached '5G' tipping point

Just 14% of 5G operators around the world have been able to encourage 10% or more of their customers to subscribe to their next generation network service. © Provided by ... Read more »

The best wireless headphones 2021: our pick of the best ways to cut the cord

The best wireless headphones of 2021 include some of the most advanced audio devices we’ve ever seen. The best part? These wireless headphones come in all shapes and sizes, from ... Read more »

Malware can easily abuse Discord features to attack users

© Provided by TechRadar Malware Cybersecurity experts have successfully demonstrated that the features of gaming-centric messaging platform Discord can easily be abused for malicious purposes. Researchers from Check Point Research ... Read more »

New US rules on spyware exports try to limit surveillance tech like Pegasus

The US Department of Commerce announced a new rule to prevent the sale of hacking tools to China and Russia, The Washington Post reports. The Commerce Department outlined the change ... Read more »

US intel agencies warn climate change is threatening national security

© Provided by Daily Mail ( The US intelligence community is sending a unanimous warning about the growing risk that climate change is posing to national security and global stability, ... Read more »

“Boys can be Emma”: Em Rusciano says everyone can adore Emma Wiggle!

If you’ve ever tried telling a toddler what they can and can’t wear you’ll know that resistance is futile. And if that toddler happens to be a little boy wanting ... Read more »

K-Pop stars BTS dump Sony for Universal Music

K-Pop superstars BTS have ditched Sony Music’s Columbia Records as their distributor and marketing partner in favour of Universal Music. The move was confirmed by BTS’s management company Hybe after initial reports by ... Read more »
On free-english-test.com you will find lots of free English exam practice materials to help you improve your English skills: grammar, listening, reading, writing, ielts, toeic