The U.S. Federal Bureau of Investigation (FBI) warns in a public service announcement that the increasing reliance on web-based technologies is creating new opportunities for cyberattacks from hackers. These threats apply to a wide range of devices—essentially any component or system that “connects to the Internet to automatically send and/or receive data”—that constitute the Internet of Things (IoT).
Examples of IoT devices include “smart” appliances and fitness wearables that track a user’s activity level, as well as healthcare-related technology such as wireless heart monitors and infusion pumps and other medication-dispensing equipment.
A video made waves earlier this summer when it claimed to demonstrate that Hospira’s LifeCare PCA smart infusion pump was vulnerable to remote hacking. Once in control of the pump, a hacker could ostensibly alter the dose delivered to a patient. This particular example of a potential cyberattack turned out to be a bit of a gimmick; the “hacker” later admitted to connecting physically to the device in order to alter the pump’s firmware, essentially opening a false back door to the pump’s programming.
Hospira sent a statement to MedCity News in which it said “these demonstrated hacks were done in nonclinical environments without the security protections and protocols typical of real patient care settings” and that “for a hacker to successfully attack an infusion pump, [he or she] would likely need to remove the device from the clinical environment, modify the pump, and return the device to a clinical setting.”
However, as more medical devices are used outside strict clinical settings, it’s not only healthcare facilities that must take steps to safeguard them. In its alert, the FBI makes a point of addressing all consumers in its recommendations to mitigate the risks of cyberattacks. They are:
- Isolate IoT devices on their own protected networks.
- Disable UPnP [Universal Plug and Play protocol] on routers.
- Consider whether IoT devices are ideal for their intended purpose.
- Purchase IoT devices from manufacturers with a track record of providing secure devices.
- When available, update IoT devices with security patches.
- Be aware of the capabilities of the devices and appliances installed in homes and businesses. If a device comes with a default password or an open Wi-Fi connection, consumers should change the password and only allow it to operate on a home network with a secured Wi-Fi router.
- Use current best practices when connecting IoT devices to wireless networks, and when connecting remotely to an IoT device.
- Be informed about the capabilities of any medical devices prescribed for at-home use. If the device is capable of remote operation or transmission of data, it could be a target for a malicious actor.
- Ensure all default passwords are changed to strong passwords. Do not use the default password determined by the device manufacturer.