Biting Into IoT Medical Device Cybersecurity

An Examination of Wireless Medical Device Cybersecurity Issues Following the October 2016 Internet Outage

If you weren’t affected by what some are calling “the Internet apocalypse”, then you almost certainly heard about the massive distribution denial of services (DDoS) attack earlier this month that has made the topic of cybersecurity one that is more than just a threat to be discussed by U.S. Presidential candidates.

 

Likewise, if you’ve been following our blog, you’ve also likely heard us talking about cybersecurity as it relates to wireless medical devices—most recently in Wireless Medical Device Cybersecurity: FDA Draft Guidelines.

 

If there is one “benefit,” for lack of a better word, for the recent DDoS attack is that it is thrusting IoT medical device cybersecurity into the mainstream discourse. Unfortunately, it might also be unfairly lumping all IoT manufacturers together—which might not be entirely fair to IoT medical device companies.

 

For instance, NBC News recently published an online article, Internet of Things: Have We Bitten Off More Than We Can Chew? in which it addressed some very interesting points about IoT—both in general and specifically in regards to wireless medical devices.

 

IoT: Getting Too Big Too Fast?

 

The article said there are approximately 6.4 billion IoT devices currently in use, with estimates for the figure to reach 20.8 billion by 2020. This should come as no surprise to anybody that is engaged in wireless medical devices.

 

The article next explained that the DDoS attack was in part due to IoT device vulnerabilities that enabled “harmless Web-connected home devices” to function as “cyber soldiers in a ‘botnet’—a network of ‘bots.’” Further, it explained how IoT security has “by far the most spectacular vulnerabilities.” For instance, the relative ease in hacking an electronic wheelchair has been demonstrated by hackers that work with manufacturer security teams to identify security flaws.

 

With IoT device being so capable—and vulnerable—for maligned activities, the need for improved security is evident. However, the article indicated that it not a priority for manufacturers because “it’s an economic disincentive” to invest additional time and money into an IoT device because they want to “rush it out to market to sure they land the first punch.”

 

Are IoT Medical Device Manufacturers More Proactive About Cybersecurity?

 

Perhaps for consumer IoT, the “rush it to market” sentiment is true, however, it’s perhaps not as true—and per-haps a bit insulting—to IoT medical device design and development companies. And this precisely one of the reasons why we discuss matters such as what we covered in Wireless Medical Device Cybersecurity: FDA Draft Guidelines.

 

As we wrote in that blog, “Wireless medical device data takes the level of personal information to an entirely new level.” In short, IoT medical device designers, developers and manufacturers are keenly aware of the risks involved with IoT cybersecurity—risks that don’t just result in “an inconvenience for everyone” (as the NBC article said), but instead, the health and privacy of IoT medical device users.

 

There’s no doubt that cybersecurity—no matter the user or market—is an important issue and one that will never have a perfect solution. But hopefully all IoT manufacturers can learn not just from flaws that are sometimes brought to light in unpleasant ways—such as with the DDoS attack—but all can embrace the challenges (and risks) that we can definitely say that IoT medical device manufacturers have embraced.