Security Protocols Needed For Medical Devices
As a skeptic of the line of thought that thinks putting something on the Internet for convenience (and because the developers know how to do it easily and cheaply), I can heartily say that I would not want something implanted in my body that’s accessible to anyone via an IP address.
Unlike previous medical devices, the latest generation can be controlled automatically or remotely over the Internet. The benefits are obvious–they allow patients much greater mobility and the need for daily trips to a doctor’s office are obviated. In addition, these devices can dramatically lower health care costs, guaranteeing their wider user and acceptance moving forward.
…
While nobody worried about the 6 Million Dollar Man being hacked, the time has come to seriously consider the security protocols, or lack thereof, of today’s modern medical devices. As the story below indicates, the integration of technology into the human body has created opportunities for newer and more serious forms computer crime and hacking. In the past, a hacker might have been able to illegally enter a desktop computer system, read a targets personal data or even gain control of another person’s financial accounts. In comparison to the potential threat from Internet-based medical devices, the threats from “old-school” hacking seem mild by comparison.
This goes pretty much for any critical infrastructure. You, there, testing embedded devices, manufacturing controls, transformers, and so on. Seriously, isn’t it worth a little effort (okay, a lot of extra effort) to put that on a secure, dedicated network to make sure that some punk in Montreal doesn’t kill someone with your product?
