In October 2016 Johnson & Johnson sent letters to the 114,000 users of its Animas OneTouch Ping Insulin Pump. The company acknowledged the medical device was vulnerable to hackers who could endanger its users’ lives.
It’s not just insulin pumps that are appealing to hackers, but the 10- to 15-connected devices associated with each bed in a hospital. Large hospital systems can have up to 5,000 beds. And in an industry estimated to be worth US$400 billion globally, it only takes one death directly linked to a hacked medical device to impact the bottom lines of hundreds of companies.
Promon SHIELD™ not only helps protect the health of medical device app makers, but may also prevent needless injury due to cyber attacks on clinical IoT (Internet of Things).
Medical Device Vulnerabilities
Implanted medical devices like pacemakers and defibrillators are particularly vulnerable to hacking. They rely on wireless communications that device manufacturers typically leave lightly protected from attack.
In addition, The Harvard Business Review cited that hospitals and clinics actively deploy “significant mobile device management protocols on only 56.3% acute devices and 35.5% nonacute devices.”
Hospitals and clinics cannot rely on conventional network cyber security methods. Many of the devices — especially personal staff devices — operate outside the perimeter of traditional IT departmental defences for corporate data.
Impact on Patient Well-being
IoT-connected devices in medical facilities present IT departments with life-threatening issues beyond typical corporate challenges:
- Cyber attacks on medical devices can have dire consequences on patient health. For instance, malicious players can control bedside connected devices that monitor cardiovascular activity to display inaccurate readings;
- Cybercriminals can also control unprotected wireless devices that regulate injections that patients rely on to regulate life-giving injections;
- Hackers can also gain access to IoT-connected equipment in surgeries through legacy computers and networks to interrupt operations;
- Compromised IoT devices can serve as platforms to attack patient clinical records;
- Malware can slow device performance substantially, delaying critical device calculations and patient readings.
The Promon Solution
Promon SHIELD™ offers an approach to cyber security on mobile and desktop devices called Runtime Application Self-Protection (RASP). RASP affords security functionality at the level of the apps that people use on their devices.
Hospitals and clinics need to guard against an array of cybersecurity vulnerabilities to protect the health of their patients and the private details of their customers.
Promon SHIELD™ protects devices at the app- and root-level of devices, including:
- detecting when malware is attempting a low-level takeover of a device;
- stopping hackers from changing the nature of software on a device;
- precluding invasion of software through the software’s library of subroutines;
- alerting managers of changes in the normal flow of an app;
- halting malware from hijacking advanced application processes and functions.