Medical Device Cybersecurity: The First 164 Years
By Kevin Fu, 4th Annual Medical Device Connectivity Conference & Exhibition, Joseph B. Martin Conference Center at Harvard Medical School, Boston, MA, Nov 1, 2012.
We've all seen the news stories about hacking implanted pacemakers and patient worn insulin pumps. However, what keeps me up at night is a more mundane security problem: unavailability of patient care. When conventional malware shuts down a cath lab, seriously ill patients can be subjected to unnecessary risk of transport. When a medical system is not available for use, patients do not receive the quality of care they deserve. This presentation will explore the risks, realities and countermeasures of medical device system security. Systems considered will range from purpose-built systems like pacemakers and programmers to embedded system medical devices interconnected on enterprise wide IT infrastructures. The effectiveness of current methods, tools and countermeasures will be discussed, with an emphasis on continuing gaps and vulnerabilities. Best practices for manufacturers and providers will be presented, as well as predictions on emerging risks.If you can't wait until Thursday, then you can skim a related talk on regulatory responsibilities for medical device security that I gave yesterday at the Regulatory Affairs Professionals Society in Seattle. There's no reason to panic. Just be informed and commit to improving the cybersecurity of increasingly interconnected medical devices.