Medical device security research on the upswing

Healthcare professionals should look for an uptick in cybersecurity research for medical devices during 2016, security researcher Billy Rios says in an interview with HealthcareInfoSecurity.

Rios, founder of the independent security research and services firm Whitescope, says he's been contacted by an array of people wanting to get involved--people who in the past have not been focused on healthcare security research.

He expects the result to be more advisories from the U.S. Food and Drug Administration, especially along the lines of its warnings about infusion pumps, but also advisories from the Department of Homeland Security.

Rios says he is working with several organizations to develop a formal methodology for determining whether a given vulnerability poses a risk to patient safety.

"We have to systematically and objectively determine which security vulnerabilities present risks to patient harm and which present harm only to the IT infrastructure. Both are very important, but as a patient safety issue, we certainly have to treat them differently," he says.

Some medical devices he's looked into have thousands of known vulnerabilities. Many of them are potential problems already there when a hospital buys the equipment, he adds. "Once a hospital buys a device, the work's not done," he says. In some cases, the problem could be remediated merely downloading a patch, but this often isn't done.

The FDA's recent guidance on postmarket surveillance is an attempt to address those issues.

Rios gained attention by pointing out the infusion pump vulnerabilities to the FDA. He's been among the agency's critics who have termed it a "toothless dragon" in its lax oversight of medical device issues.

To learn more:
- read the article

Suggested Articles

Most healthcare organizations are lagging in awareness and preparedness for compliance with proposed interoperability rules, according to a survey.

Medical Group Management Association officials got out their crystal ball Monday.

Abbott is teaming up with diabetes coaching platform Omada Health to launch an integrated digital platform for people living with Type 2 diabetes.