Medical Device Cybersecurity: 3 Alerts Issued

Federal regulators have recently issued three advisories on cybersecurity vulnerabilities identified in medical devices. Some experts say the spotlighted flaws are issues commonly found in legacy medical devices as well as other IT products.

See Also: The Application Security Team’s Framework For Upgrading Legacy Applications

The advisories from the U.S Computer Emergency Response Team, or U.S. CERT, a unit of the recently launched Cybersecurity and Infrastructure Security Agency of the Department of Homeland Security, address the following issues:

A “session fixation” vulnerability. This is in certain versions of the BD Pyxis medication management platform from Becton Dickinson.

Existing access privileges are not restricted in coordination with the expiration of access based on Active Directory user account changes when the device is joined to an Active Directory domain. Successful exploitation of this vulnerability could allow the AD credentials of a previously authenticated user to be used to gain access to the device, patient data and medications.

For exploitation to occur, products must be actively using AD for login and be connected to the hospital domain. Users who do not use AD are not impacted by this vulnerability.

A “use of obsolete function” vulnerability. This vulnerability occurs in the Philips HDI 4000 Ultrasound system if it runs an outdated and unsupported operating system, such as Windows 2000. The vulnerability could allow an unauthorized user to access ultrasound images or compromise image integrity.

“An “incorrect default permissions” vulnerability. This is found in some cardiology products from Change Healthcare, which was created in 2016 when McKesson Corp.’s information technology unit merged with Change Healthcare Holdings.

The vulnerability affects Horizon Cardiology 11.x and earlier, Horizon Cardiology 12.x, McKesson Cardiology 13.x, McKesson Cardiology 14.x and Change Healthcare Cardiology 14.1.x. Insecure file permissions in the default installation could enable an attacker with local system access to execute unauthorized arbitrary code.

How artificial intelligence can allow providers to get a better handle on social determinants of he…

Digitalising Healthcare

Digitalisation has made a huge impact on life today, this is not only seen in manufacturing but also communications and particularly in healthcare services. By digitalising healthcare, we can provide high-quality care whilst also improving patient experiences.

Healthcare’s digitalisation is evident, although this seems to be happening slowly due to the sector’s slow adoption of new technology. Today, healthcare faces issues such as the ageing population, increasing medical costs and chronic diseases – digitalisation could be the key to tackling these challenges. Also, staff shortages have been highlighted as an ongoing issue in healthcare, shifting a focus to make systems more efficient.

A survey of IT leaders, conducted by MeriTalk, found that $342 billion is lost in benefits each year due to poor data integration. This is mainly due to a lack of interoperability between government health and human services agencies.

It has also been found that a large majority of medical tests are not being followed up, with numbers as high as 62% for laboratory tests and 35% for radiology tests. Critical diagnoses are therefore being missed as a result of this.

To tackle the rising medical costs, healthcare needs efficiency gains. In a recent Harvard Review, it was discovered that healthcare costs in the U.S. account for a fifth of all economic activity. This number is expected to rise over the coming years as a result of high life expectancies and the increasing number of chronic diseases such as obesity and diabetes.

Clear evidence of healthcare’s digitalisation can be seen in the medical equipment sector, for example, the cyberknife for brain surgery and prostatectomy robots. New technology such as artificial intelligence (AI) and the Internet of Things (IoT) have also been making waves in this respect. The data generated by the healthcare industry is growing at a rate of 48% each year as a result of utilising this new technology. It is therefore unsurprising that providers now want to utilise this data to gain more information about the patients they are treating.

There are many other up and coming areas for digitalisation in healthcare, such as:

The Internet of Medical Things (IoMT) This gives patients the ability to consolidate data through the use of medical equipment with access to collect, analyse and send data, allowing direct healthcare connectivity. Healthcare 4.0 By utilising data for information allows healthcare management to make more informed decisions and increase the efficiency of the healthcare system. Artificial Intelligence (AI) Shortages in radiology mean that there is an increasing gap between the radiologist and patient data. AI is a tool which could help tackle this issue and increase productivity. Cybersecurity With patient records being monetised, concerns have been raised over current cybersecurity issues. It is only by improving security issues can health providers work to maintain the patient’s privacy.