Protecting Medical Devices from Cyberharm | Stephanie Domas | TEDxColumbus

00:06

[Music]

00:14

hi medical devices are becoming more and

00:17

more

00:18

connected they're more connected to each

00:20

other they're more connected to the

00:22

hospital's networks they're more

00:25

connected to patients smartphones and

00:27

they're more connected to the internet

00:29

it's it's estimated that one out of

00:31

every four medical devices is now

00:34

connected if you were to go to the

00:36

hospital today it's estimated that you

00:38

would encounter 10 medical devices

00:40

during your

00:42

visit it's because of this increased

00:44

connectedness of medical devices that

00:46

hackers are starting to Target medical

00:49

devices now when I say hackers are

00:51

targeting medical devices everyone

00:53

always immediately jumps to the

00:55

assumption that hackers are trying to

00:56

hurt you through your medical

00:58

devices so while won't say it's not

01:00

possible it actually is what I will say

01:03

is in general there are easier ways to

01:05

hurt people than through their medical

01:07

device so take for example a pacemaker

01:10

this is something that people often

01:12

think of when they're thinking of a

01:13

medical device harming

01:15

someone if I wanted to change the

01:17

configuration or the codes on your

01:20

pacemaker I would have to stand right

01:22

next to you I would have to hold

01:25

specialized electronic equipment up to

01:27

your chest for several minutes

01:30

that's really not the type of thing you

01:31

can do to someone without them noticing

01:34

and it's it's not what we call a a

01:36

remote or scalable attack so it's not

01:39

remote in the sense that an attacker

01:41

can't do it from the comfort of their

01:42

couch and it's not scalable because they

01:45

can't use it to simultaneously hurt

01:47

numerous people so attackers generally

01:49

want remote and scalable attacks so for

01:53

your average person this isn't a threat

01:55

you need to worry about but that being

01:57

said former Vice President Dick ch

02:00

did have the wireless connectivity to

02:02

his pacemaker disabled because for him

02:05

it was potentially a realistic

02:07

threat so if attackers aren't trying to

02:09

hurt you through your medical device why

02:11

are they attacking medical

02:13

devices well it seems like every week we

02:16

hear about some new cyber security

02:17

breach that affects individuals we all

02:20

heard about Target the DMV and I'm sure

02:22

there's a number of you in this room

02:23

that those

02:24

affected but what you may not know is

02:27

that last year 67% of the identity

02:30

records breached in the United States

02:32

happened in

02:34

healthcare today on the black market

02:37

your credit card number is worth only

02:38

about

02:39

$2 where your electronic health record

02:42

is worth anywhere from 10 to 20 so why

02:45

the big difference well if you were to

02:48

notice a fraudulent charge on your

02:50

credit card today you could have the

02:52

charge reversed the card closed and a

02:55

new card in your hand in a matter of

02:56

days it's really not that big of an

02:59

inconvenience

03:00

but your electronic health record that

03:03

has not only your credit card number but

03:06

your address your social security number

03:09

your employer and your insurance

03:11

information so with that kind of

03:13

information I could use the credit card

03:15

number but I could also open new credit

03:18

cards in your name I could potentially

03:20

take out a bank loan I could get high-

03:22

price narcotics on your medical

03:24

insurance so how do you protect against

03:27

that how do you change your name your

03:29

address your

03:30

employer well you can't and that's what

03:33

makes that information so much more

03:36

valuable so we've talked about hackers

03:38

going after medical devices but there's

03:40

actually another category of cyber harm

03:42

that we see more commonly and it's

03:44

accidental cyber harm a lot of cyber

03:48

security is just making a system robust

03:50

to the unknown or the unexpected malice

03:53

is not always a prerequisite for harm so

03:56

take for example something that happened

03:58

earlier this year there was a medical

04:00

device that's used in a heart procedure

04:03

that became unresponsive and unusable

04:05

mid heart

04:07

procedure now later after investigation

04:10

it was found that what happened was the

04:12

antivirus software running on this

04:14

system started to run mid heart

04:17

procedure and in doing so it locked up

04:19

access to data that the medical device

04:21

needed in order to operate so the device

04:24

became

04:25

unresponsive but think about that

04:28

antivirus softwares sole purpose for

04:30

existence is to stop malicious things

04:33

from happening on a system so while that

04:36

that antivirus was trying to stop

04:38

something malicious from happening it

04:40

accidentally did something malicious No

04:42

Malice intended now in this particular

04:45

case the doctors were able to get the

04:47

device back up and running while the

04:49

patient was still sedated and finish the

04:51

surgery but it's so easy to imagine how

04:54

this could have gone so much

04:56

worse or another example that happened

04:58

last year a nurse plugged her cell phone

05:01

into one of the USB ports on the front

05:03

of an anesthesia machine trying to

05:05

charge her phone when she did that the

05:08

anesthesia machine shut

05:10

down now I know you're thinking why

05:13

would you plug your cell phone into an

05:14

anesthesia machine we probably shouldn't

05:16

do that and while I agree with you we've

05:20

all been in those situations where our

05:22

cell phone is about to die we either

05:24

need to make a call or we're expecting

05:26

one and you're looking around

05:27

desperately trying to find somewhere to

05:29

plug into

05:31

charge now that that nurse there was

05:34

there was no malice there she was simply

05:36

looking for somewhere to plug in her

05:37

phone and in that case the anesthesia

05:40

machine was not in use so nobody was

05:42

harmed but again malice is not a

05:45

prerequisite for harm that system was

05:47

not robust to the unknown or the

05:50

unexpected so who am I and why am I here

05:52

talking you about this well my name's

05:55

Stephanie I'm an ethical hacker and I'm

05:58

here to help so what is an ethical

06:01

hacker well ethical hackers are people

06:04

who study hacking we practice hacking

06:07

and then yes we hack stuff um but only

06:10

to test the defenses of that system and

06:12

only in approved

06:14

circumstances but what am I specifically

06:16

doing well my job is to work with

06:18

medical product manufacturers to help

06:20

them designed medical devices worthy of

06:23

our trust the best way to make a system

06:26

secure is to design it in from the

06:28

beginning

06:30

cyber security is not simply a feature

06:32

we can add to a system It's actually an

06:34

emergent property of a well-designed

06:36

system a lot of cyber security recall is

06:39

making things robust to the unknown or

06:41

the

06:42

unexpected so take for example an

06:44

inhaler system I've been working on this

06:47

inhaler system has a Bluetooth

06:49

connection to the patient's smartphone

06:51

so the patient can monitor how many

06:53

doses they have remaining in their

06:55

inhaler now that Bluetooth connection is

06:58

a threat to that device an attacker

07:00

could try to manipulate or steal

07:02

information from you through that

07:04

Bluetooth

07:05

connection so at design time we said

07:08

well we do have a need to send data out

07:12

over Bluetooth but we don't really have

07:14

a need to take any data back so we made

07:17

the conscious decision at design time to

07:19

simply not accept any incoming data over

07:22

Bluetooth by doing that we made

07:25

ourselves resilient to any known

07:26

Bluetooth attacks and any future ones

07:29

robust to the unknown or the

07:31

unexpected but what if your past design

07:34

time so you have a physical device it's

07:36

either prototype device or a medical

07:38

device that's already out in the field

07:40

well then that's when we try to hack it

07:43

we're going to try to hack into it see

07:46

how can we get into it once we're into

07:48

it what can we change what can I access

07:51

what can I manipulate having an ethical

07:53

hacker attack your device is a great way

07:55

to test its defenses they're going to

07:57

tell you what type of attacks they tried

08:00

what worked they'll offer you advice on

08:02

how to make it better and they'll do it

08:04

all under safe circumstances when it's

08:06

not hooked up to a patient and it's not

08:07

hooked up to the hospital Network so

08:11

take take for example that anesthesia

08:13

machine I talked about earlier that

08:14

couldn't handle a cell phone connection

08:17

that's the type of thing that could have

08:18

come up in cyber security testing and

08:20

then we would have made conscious

08:22

decisions of what to do so maybe we

08:24

would have decided there's really no

08:26

need for us to accept cell phone

08:28

connections and if we saw one we'd

08:30

simply reject the connection or maybe we

08:32

would have decided to gracefully handle

08:34

it but we would have handled it in a

08:36

manner that was

08:38

safe now I don't want to leave you with

08:40

the impression that connected medical

08:42

devices are all doom and gloom the truth

08:45

is connected medical devices allow us to

08:47

provide a better quality of patient care

08:50

if I were to suddenly have a need for

08:52

Unique surgery a Surgical Specialist

08:54

halfway across the world could either

08:56

assist in the procedure or perform it

08:59

when I'm in the hospital recovering the

09:01

connected medical devices that are

09:03

monitoring me are able to allow my

09:05

caregivers to see a realtime picture of

09:07

how I'm doing so if something starts to

09:09

go wrong in my recovery they know right

09:12

away when I'm out of the hospital my

09:14

electronic health record can help look

09:16

for potential drug interactions for

09:18

prescriptions I may fill at different

09:21

pharmacies connected medical devices

09:23

like pacemakers allow someone who may

09:25

have lived a very dependent life to now

09:28

live an independent one that connected

09:30

pacemaker can now potentially call for

09:32

help if that patient becomes

09:35

unresponsive think of a diabetic child

09:38

who's able to go to her very first

09:40

sleepover because she now has a

09:42

connected insulin pump that allows her

09:45

parents to remotely monitor her glucose

09:47

levels and deliver insulin if she needs

09:49

it I feel confident in saying that the

09:51

benefit of connected medical devices

09:53

outweighs the risks and myself and other

09:56

ethical hackers are working really hard

09:58

to make sure that the connected medical

10:00

devices out there are worthy of our

10:02

trust thank you

10:14

[Applause]