Medical Devices Are Ubiquitous, Vital, And Often Unsecure

Hundreds of health devices, including heart monitors, CT machines and anesthesia devices, are all open targets

Medical devices are hackable

When Jay Radcliffe hacked his own insulin pump on stage at the Black Hat cybersecurity conference in 2011, the room filled with applause. Diagnosed with type one diabetes at age 22, he had just demonstrated how a bad guy could really mess him up.

"You could give me insulin right now, without my authority," he said from the stage.

At the time, very few had shown how lax the security of these medical devices was.

"I wrote a program that would turn off my insulin pump and change the therapy settings without the user knowing it," he said in a recent interview. "It turned into this very, very big thing."

For years, device manufacturers assumed doctors and technicians would be the only ones interested in these devices. But it quickly became clear this was just the beginning.

As the healthcare industry becomes increasingly connected to deliver real-time data, monitoring and new therapy options, it isn't just the implantable pacemaker or insulin pump with problems.

The bedside patient heart monitor and anesthesia machines, the lab CT machine and hundreds of other health devices of various purposes, operating systems and connectivity are all open targets — threatening patients and creating a massive attack surface for bad guys.

Between 2016 and 2018 there was a 400% increase per quarter in cybersecurity warnings from manufacturers. This could reflect companies being more transparent after the U.S. Food and Drug Administration released new guidance for medical device manufacturers in 2016.

Back in 2011, “transparent” isn’t how Radcliffe would describe them. And they were ill-prepared for outsiders like him saying, "Hey, you got a problem here."

"They weren't very responsive. They didn't return my phone calls," he said. "They didn't have a process or procedure. If there's no process (with these big companies), it's kind of paralysis."