Thanks to the fine folks at Palo Alto Networks we have a better view of the relative safety and security of network-capable medical devices. Unfortunately, the news is grim.
Based on their findings after examining more than 200,000 infusion pumps, about half are vulnerable to critical security issues.
Yes you read that correctly. That’s 100,000 infusion pumps that are critically vulnerable to hacking attacks. To put it another way, that’s 100,000 chances every single day that someone is going to initiate a hacking attack that will actually kill someone.
What’s worse is that of the eleven security vulnerabilities identified by their research, no one is making it a priority to fix the issues. Even if they did try to fix it, it’s anyone’s guess how quickly those devices would be updated or if they would be updated at all.
This is not unique to the world of “smart” medical devices either. In fact, as the Internet of Things (IoT) grows, one of the biggest security challenges we face will be how to better secure those legions of “smart” devices. That is because most product manufacturers send them out the door with little to no protection, and often in the cases of devices with protection it’s so marginal as to be practically nonexistent.
Of course, part of the problem lies in the fact that product manufacturers aren’t on the hook if a product they sell without security or with fatally flawed security gets hacked. That will likely change but it hasn’t so far. So there’s very little incentive for manufacturers to improve.
In any case, if you or someone you know uses a “smart” infusion pump be aware that based on Palo Alto’s research more than half of them (52 percent) are incredibly easy for hackers to take control of and that’s terrifying.