Cybersecurity Practice #9: Medical Device Security (small)

Modified on Wed, 14 Jun, 2023 at 12:53 PM

Medical devices are essential to diagnostic, therapeutic and treatment practices. These devices deliver significant benefits and are successful in the treatment of many diseases.


As technology advances and health care environments migrate to digitized systems, so do medical devices. For many reasons, it is highly desirable to interface medical devices directly with clinical systems. Automating data collection from medical devices reduces the labor burden and exposure to human error that results from manual input of data. Furthermore, automated control of device instrumentation delivers the most accurate treatment possible to the patient. For example, bedside vital signs monitors are networked to centralized nursing station displays and alarms, and infusion pumps are networked to servers to distribute drug libraries as well as download usage data.


As with all technologies, medical device benefits are accompanied by cybersecurity challenges. One emerging threat is the practice of hacking medical devices to cause harm by operating them in an unintended manner. For example, the 2015 document “How to Hack an Infusion Pump” describes how an infusion pump can be controlled remotely to modify the dosage of drugs, threatening patient safety and well-being.


Cybersecurity vulnerabilities are introduced when medical devices are connected to a network or computer to process required updates. Many medical devices are managed remotely by third-party vendors, which increases the attack footprint.


Sub-Practices for Small Organizations

 

9.S.A

Medical Device Security

NIST FRAMEWORK REF:

PR.PT

  • If your organization connects medical devices to a network, consider the practices recommended in Cybersecurity Practice #9: Medical Device Security in Technical Volume 2.


Threats Mitigated

  1. Attacks against connected medical devices that may affect patient safety

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article