Protecting Medical Devices from Cyberharm | Stephanie Domas | TEDxColumbus

TEDx Talks
5 Dec 201610:15

Summary

TLDRIn this talk, ethical hacker Stephanie discusses the increasing connectivity of medical devices and the associated cybersecurity risks. She clarifies that while hacking medical devices isn't a common threat to the average person, the real danger lies in data breaches and accidental cyber harm. Stephanie emphasizes the importance of designing cybersecurity into medical devices from the ground up and shares how ethical hacking can help ensure the safety and reliability of these life-critical technologies.

Takeaways

  • 🔗 Medical devices are becoming increasingly connected, including to hospital networks, smartphones, and the internet.
  • ⚠️ One in four medical devices is now connected, and patients may encounter up to 10 connected devices during a hospital visit.
  • 🛡️ While the idea of hackers harming people through devices like pacemakers is scary, such attacks are generally not remote or scalable, meaning they're not common or easy to perform.
  • 💳 Hackers are targeting medical devices not to harm patients but to access valuable personal data, such as electronic health records, which are more valuable than credit card information on the black market.
  • 🏥 67% of data breaches in the U.S. last year were in healthcare, with medical records being used for identity theft, fraud, or illicit drug procurement.
  • 💻 Cyber harm is not always intentional; accidents can happen. For example, antivirus software interrupted a heart procedure by making a medical device unresponsive.
  • 📱 Simple actions, like a nurse charging her phone through a USB port on an anesthesia machine, can cause devices to malfunction unexpectedly, highlighting the importance of robust design.
  • 🤖 Ethical hackers help test and improve the security of medical devices by attempting to hack them in a controlled environment, ensuring they're safe from real-world attacks.
  • 🔒 Designing security features into medical devices from the start, such as rejecting unnecessary Bluetooth connections, can make them more resilient to current and future threats.
  • 🌍 Despite the risks, connected medical devices provide significant benefits, including remote patient monitoring, better care coordination, and the ability for patients to lead more independent lives.

Q & A

  • Why are medical devices becoming more vulnerable to cyberattacks?

    -Medical devices are becoming more vulnerable because they are increasingly connected to other devices, hospital networks, smartphones, and the internet. This connectivity opens new opportunities for cyberattacks.

  • What type of cyberattacks do hackers prefer when targeting medical devices?

    -Hackers prefer remote and scalable attacks. Remote attacks allow them to operate from a distance, and scalable attacks enable them to target multiple devices or people simultaneously, making them more efficient.

  • Why aren't hackers primarily interested in harming people directly through their medical devices?

    -While it’s possible to harm someone via a medical device, such attacks are not common because they are not easily remote or scalable. It typically requires close physical proximity and specialized equipment, which makes other methods of attack more attractive to hackers.

  • Why are electronic health records more valuable than credit card information on the black market?

    -Electronic health records are more valuable because they contain much more sensitive information than credit cards, including social security numbers, addresses, and insurance details. This data can be used for identity theft, taking out loans, or obtaining medical drugs, making it difficult for victims to fully protect themselves.

  • What is an example of accidental cyber harm in medical devices?

    -An example of accidental cyber harm occurred when an antivirus program on a medical device started running during a heart procedure, causing the device to become unresponsive. The software locked up data that the device needed to function, illustrating how unintended consequences can cause harm.

  • How do ethical hackers help improve the security of medical devices?

    -Ethical hackers test medical devices by attempting to hack into them in approved circumstances. They find vulnerabilities, suggest improvements, and ensure the devices are robust against potential attacks. This testing happens in controlled environments to avoid harm.

  • What steps can be taken during the design phase of medical devices to improve security?

    -During the design phase, developers can make conscious decisions that minimize risks. For example, in one case, designers chose not to allow incoming data over Bluetooth to prevent potential attacks. Designing security features from the start makes systems more resilient to both known and future threats.

  • What are the risks of connecting smartphones or other personal devices to medical equipment?

    -Connecting personal devices to medical equipment can disrupt its function. In one case, a nurse plugged her phone into a USB port on an anesthesia machine, causing the machine to shut down. Even though the shutdown was unintentional, it highlights how unexpected interactions can lead to dangerous situations.

  • Why did former Vice President Dick Cheney have the wireless feature of his pacemaker disabled?

    -Dick Cheney had the wireless connectivity of his pacemaker disabled because, for someone in his position, it was considered a realistic security threat. Although such attacks are unlikely for the average person, high-profile individuals may be at higher risk.

  • What benefits do connected medical devices offer despite the security risks?

    -Connected medical devices provide numerous benefits, such as enabling remote surgeries, offering real-time patient monitoring, and improving the quality of care. For instance, devices like pacemakers or insulin pumps allow patients to live more independently while ensuring their caregivers can monitor and respond to health issues promptly.

Outlines

plate

このセクションは有料ユーザー限定です。 アクセスするには、アップグレードをお願いします。

今すぐアップグレード

Mindmap

plate

このセクションは有料ユーザー限定です。 アクセスするには、アップグレードをお願いします。

今すぐアップグレード

Keywords

plate

このセクションは有料ユーザー限定です。 アクセスするには、アップグレードをお願いします。

今すぐアップグレード

Highlights

plate

このセクションは有料ユーザー限定です。 アクセスするには、アップグレードをお願いします。

今すぐアップグレード

Transcripts

plate

このセクションは有料ユーザー限定です。 アクセスするには、アップグレードをお願いします。

今すぐアップグレード
Rate This

5.0 / 5 (0 votes)

関連タグ
Medical DevicesCybersecurityEthical HackingPatient CareData BreachHealthcareInternet of ThingsPacemaker RiskSmart DevicesCyber Threats
英語で要約が必要ですか?