THaW researchers A.J. Burns, Eric Johnson and Peter Honeyman, have compiled a compelling chronology of medical device security in their recently published article in Communications of the ACM, “A Brief Chronology of Medical Device Security” (see the THaW blog’s publication page for complete reference information and a link to the article).
The authors identify three key points relating to medical devices:
- Frightening language and misinformation often characterize discussions of cybersecurity and medical devices.
- There are always security trade-offs when designing, deploying, and maintaining medical devices.
- Medical devices are often not that different than other network-enabled digital devices, in terms of their vulnerability to network-based cyberattack.
The authors further identify four major periods that span the evolution of medical devices:
- Complex systems and accidental disasters
- Implantable medical devices
- The threat of unauthorized access
- Cyber threats to medical device security
The article offers a comprehensive examination of the legislative timeline and the evolving threats to information security in healthcare. They argue that “the steps we take today will largely define the future of medical device security,” and while there is a temptation to publicly wring our hands in despair over medical-device insecurity, “we must resist the temptation to sensationalize the issues…and instead apply sober, rational, systematic approaches to understanding and mitigating security risks.”
The authors conclude by challenging the medical-device community to better secure these devices:
“…it is safe to say that patients’ reluctance to accept medically indicated devices due to concerns about security poses a greater threat to their health than any threat stemming from medical device security…it is incumbent on our field to continue to prioritize the security of medical devices as a part of our fiduciary responsibility to act in the interests of those who rely on these life-saving devices.”
For complete reference information and a link to the article, please visit the THaW publication page.