Hacked medical device: ‘where bits and bytes meet flesh and blood’

By Erin Ayers on April 23, 2018

White-hat hackers joined the white coats in a simulation of a hacked medical device during this year’s RSA Conference in an effort to demonstrate the very real cyber risk faced by healthcare organizations in securing medical devices.

“Our dependence on connected technology is growing much faster than our ability to secure it,” said Josh Corman, chief security officer and founder of cybersecurity firm PTC.

“Nothing’s going to change until someone dies, so we’re going to do what any good, self-respecting hackers would do and we killed people,” said Corman.

“We have to do better to try to make sure these devices are trustworthy,” said Corman. Healthcare organizations are already fighting an uphill battle against cyber risk, he explained, sharing the results of a survey PTC conducted in collaboration with the US Food and Drug Administration.

The study showed that 85 percent of hospitals don’t employ even one cybersecurity professional, showing a severe talent shortage. In addition, the systems hospitals are defending frequently run on Windows XP or older.

Additionally, a push by the federal government to shift to electronic medical records mean “has forced medical systems that were never meant to connect to anything to connect to everything.”

“The blast radius is typically the entire healthcare organization,” Corman said. With 1,000 or more vulnerabilities discovered in the typical medical device, he added, the threat is not just loss of records or a HIPAA violation, but the disruption of critical medical care.


This story in an excerpt of the original. The content originally appeared in Professional Front Page News.
To read the full story, you must be a subscriber. If you are a subscriber, check your email for Professional Front Page News on April 23, 2018.


Erin is the managing editor of Advisen’s Front Page News. She has been covering property-casualty insurance since 2000. Previously, Erin served as editor-in-chief of The Standard, New England’s Insurance Weekly. Erin is based in Boston, Mass. Contact Erin at [email protected].