Endpoint Security , Next-Generation Technologies & Secure Development , Open XDR

Medical Devices: Recognizing When Attacks Cause Malfunctions

Rob Bathurst of Cylance on Enhancing Security of Devices

When a medical device malfunctions, many healthcare organizations don't realize the problem might be related to a cyberattack, says Rob Bathurst, managing director for healthcare and life sciences at Cylance Inc.

See Also: The Essential Guide to MITRE ATT&CK Round 4

"In terms of suspecting a medical device being compromised by an attack, what we run into at most organizations is that they don't have the capability or process right now to recognize it was an attack and not just a generic malfunction of the device," Bathurst says in a video interview at Information Security Media Group's recent Healthcare Security Summit in New York.

"What we recommend in the case that a device begins to malfunction is that before it gets sent to [the] biomedicine [department] for reset, initiate a preliminary assessment of what was going on with the device when it malfunctioned," he urges.

"It could be a case where your incident response procedures could dictate that more action be taken with the device," he says. In most cases, however, "organizations will treat it as a common malfunction and it will get reset and rebooted."

Healthcare organizations need to have the capability to understand that their medical devices may have been targeted before they can "go through and figure out why, where or how," he says.

Although there have been a number of high-profile ethical hacker demonstrations showing targeted attacks affecting the performance of medical devices, in the real world today, "what we've found is that medical devices aren't necessarily the target currently, but they are a peripheral device that is usually accessed accidentally or in conjunction with a particular kind of attack," he says. "The most common case we see is ransomware or those self-propagating types of malware that usually impact a medical device as sort of a target of opportunity that causes its availability to be lost or a particular function to go down."

In the interview, Bathurst also discusses:

  • Who should be responsible for medical device security;
  • Steps entities can take right now to improve the cybersecurity of their medical devices.

Bathurst is managing director for healthcare and life sciences at Cylance Inc., where he is responsible for advising and partnering with major healthcare providers, medical device manufactures and pharmaceutical companies to help those organizations stay ahead of threats. Prior to Cylance, he was the senior technical adviser on emerging threats and attack techniques at the Mayo Clinic, where he also led the technical vulnerability assessment team and vulnerability management team.


About the Author

Information Security Media Group

Information Security Media Group (ISMG) is the world's largest media company devoted to information security and risk management. Each of its 37 media sites provides relevant education, research and news that is specifically tailored to key vertical sectors including banking, healthcare and the public sector; geographies from North America to Southeast Asia; and topics such as data breach prevention, cyber risk assessment and fraud. Its yearly global summit series connects senior security professionals with industry thought leaders to find actionable solutions for pressing cybersecurity challenges.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.com, you agree to our use of cookies.