Monday, April 30, 2018

When physicians need a doctor

Have you ever wondered if  physicians with health problems visit a doctor? Unless you are stubborn like Doctor House, everyone with a problem needs solutions. Medical devices are also vulnerable to cyberattacks and can risk not only the info and stored data, but the patients health too. Recently, Facebook and Uber users data have been affected by security breaches, as in Healthcare, in which the info of 18.000 member was leaked. 

In 2017, FEDA confirmed the vulnerability of  the implantable heart devices known as cardiac pacemakers. If they are hacked, cybercriminals could use their access to these devices to  prematurely empty the battery or changing the device frequency, killing the bearer.
Because of this problem, MedCrypt, a cybersecurity company from California founded in 2016, offers a solution. Mike Kijewski, CEO of MedCrypt talks about it at the interview with Medgadget: "he problem of medical device cybersecurity wasn’t broadly understood by the industry until the FDA’s cybersecurity guidance documents were released in 2016". 

The main medical devices providers thought they were exempt of external attacks and that their security was not a problem, as Mike Kijewski explains: "By the last quarter of 2017, most major device vendors had “seen the light” that this is a major issue, and one that will require collaboration between device vendors, providers, and technology companies".

The he medical devices companies current situation is not good. Starting with the FDA´s document in 2016, many companies were warned of the dangers they were exposed to, but not all of the started to work in these problems: "There are absolutely companies that see medical device security as being both an important safety concern and a potential business enabler. That wasn’t true two years ago. But we still see companies say they will only address product security when a regulatory agency forces them to do so. Fortunately, it seems the FDA has promised to do that in the near future".

As we told at the beginning of the post, not only the information and the patients data are endangered. A cyberattack could risk people's lives as MIke Kijewski says: "The risks for patients can range from theft of personal data to physical harm. For medical device companies, the financial risks are really hard to quantify. We’ve seen a couple of companies drop entire product lines after a major vulnerability is found. It’s hard to know if those events were causal, but it’s clear that a recall of hundreds of thousands of implantable medical devices is neither cheap nor good publicity."

MedCrypt, the medical cybersecurity company, offers data security with a service that assures that  devices will only respond to reliable sources. MedCrypt capacities include: data encryption, electronic signing, unique keys assignment to every system user and real time monitoring of the devices. 
Kijewski explains how does the tool work: MedCrypt’s software gives engineers writing code for medical devices easy access to security features via an API. For example, a user can call our API to cryptographically sign an instruction being sent to a device, and again to validate the signature once the instruction is received. While that may seem like a trivial engineering task, addressing all of the edge cases around key provisioning, management, vulnerability patching, cypher selection, etc. can quickly make those tasks challenging. We remove that complexity from our users’ workflow, allowing them to focus on clinical features".

Many times, as daily users of  conventional devices, we do not realize the problems we can suffer. A fake email or the typical antivirus warning are problems that we use to overlook, but we could never imagine that our live was at risk. 


Post a Comment