An always connected CGM would be very useful (just saying). That’s why security is a 24/7 365 day thing.
Having a device transmit every 5min. (for example) sounds a bit like ‘security through obscurity’.
Absolutely agree IoT security is crap.
A children's nurse told delegates at the Virus Bulletin conference in Madrid on Thursday to get a grip on Internet of Things security. Jelena Milosevic, who developed an interest in cybersecurity over the last three years, told attendees that the healthcare sector needs to work with infosec experts and manufacturers to sort …
"Having a device transmit every 5min. (for example) sounds a bit like ‘security through obscurity’."
I think she's suggesting that many devices only need to connect once in a while, eg once per day, to send some data as well as having some proper security. If a device doesn't have a need for 24/7 connectivity, you are reducing the attack surface. Does an insulin pump or a heart pacemaker really need 24/7 connectivity? Or can they just report in every day while having enough smarts to connect if there are anomalies?
"Does an insulin pump or a heart pacemaker really need 24/7 connectivity?"
We've discussed my St Jude cardiac implant before when it was deemed insecure. While it's capable of transmitting 24/7, it can only be reprogrammed when a large magnet is placed over it. This happens at three-monthly intervals and the window of opportunity for putative hackers is less than half an hour. During that period, Miriam, the technologist I see, is monitoring the device and likely to notice anything unusual.
"While it's capable of transmitting 24/7, it can only be reprogrammed when a large magnet is placed over it. This happens at three-monthly intervals and the window of opportunity for putative hackers is less than half an hour."
And there is also the non-trivial fact that the cardiac implant is not a long range receiver so the would-be hacker should be very near to you or use a considerable amount of power.
Who's going to PAY for this security overhaul when hospitals have tight budgets to work with (such that things don't get upgraded unless they BREAK; justifying emergency expenses)? Meanwhile, hospital staff have other things to worry about: like actually saving lives. Unless they can DIRECTLY attribute a security breach to deaths, their priorities won't change because their liability won't change.
Unfortunately, the fallout comes AFTER people fail to "do things right", not BEFORE.
One sometimes comes across a sporty car upside down in a field with smoke coming out of it. Presumably they were driven by optimists who were quite sure of their ability to get around a given corner without slowing down beyond 65 mph.
One is tempted to think, "Well that'll teach him". But of course it won't, because he is dead and no longer capable of learning. And all the other optimists will be quite sure that he just wasn't as skilful as they are.
"It'll probably cost less to deal with the fallout than to actually do things right."
Pay and cost, at least monetary cost, are two different things. It may cost the vendor money to do things right but if they don't you may pay - with your life.
Of course, there's always the other aspect of it: if the market is properly regulated you, as a vendor, don't get to sell your product if you're not doing things right so you don't get any money at all. And as it's the same for your competitors you're not at a disadvantage by doing things right. The only way to disadvantage yourself would be not to spend the money in the first place.
But regulation introduces externalities. It can now cost less to bribe (or otherwise influence) the regulators to look the other way. If they're stubborn or have an Untouchable streak, go OVER them. And when you have that situation, nice guys finish last because by the time the fallout hits, the cumulative price disadvantage becomes too great for the nice guys to keep going.
She did say, as written in the article, that security should be built in from the ground up so the price of that security would be included in the purchase price.
Though it is unlikely that any security will be perfect for the life of a piece of kit so a firm protocol for security updating should also be built in.
'For one thing there is no medical need for such devices to be connected to the net 24/7'
So, don't connect the medical devices to the Internet. For each hospital create a VPN network, each node running on embedded hardware and connect your devices through this network. I can hear the response, what about the latest innovation, the answer being: TCP/IP hasn't changed since 1983.
"IoT vendors have a reputation for being slow to both acknowledge and remediate security problems."
Well then, the obvious solution is to ban IoT devices from hospitals :)
"the obvious solution is to ban IoT devices from hospitals :)"
After receiving my cardiac implant, I was given a portable EKG that reported my heart status to the nurse workstation via WiFi. Being ambulatory, it meant when I awoke in the night I could go take a piss. The old way I would have been wired to a device and need to ask for a bottle to piss in. I have never during previous hospitalisations been given a bottle in less than 20-30 minutes. Until I was recently prescribed Duodart, I had 10 minutes or less after awaking to get to a toilet to relieve my bladder. Frankly, I don't think changing bedclothes in the middle of the night is a good use of nurses' time.
FWIW the portable EKG was a bit of an antique; the workstation was running XP. Yes, things need to change, but not by reverting to how things were done in the distant past.
"After receiving my cardiac implant, I was given a portable EKG that reported my heart status to the nurse workstation via WiFi."
As long as someone couldn't remotely reset your heart when the license expires, a WiFi connection that reports your heart status is acceptable. (clippy: it looks like you're having a heart attack)
@cream wobbly: "there's likely zero security on the device itself because the VPN is seen as sufficient"
The device wouldn't use generic WiFi, but a highly customized version where each workstation/device pair uses a unique encryption key, the software running on embedded read/only hardware, rendering them immune to standard hacking techniques.
"The device wouldn't use generic WiFi, but a highly customized version where each workstation/device pair uses a unique encryption key, the software running on embedded read/only hardware, rendering them immune to standard hacking techniques."
Then what happens WHEN (not IF) an exploit is found on that immutable hardware that enables stealing the keys or even bypassing the system altogether? Since you have immutable hardware, you can't just upload new code (if you can, the update mechanism itself can be exploited); now you gotta roll out new hardware at additional cost: another strain on the budgets.
"As long as someone couldn't remotely reset your heart when the license expires, a WiFi connection that reports your heart status is acceptable."
The earlier reported vuln means a miscreant can reset the device. However, it requires the device to be set into receive mode by placing a powerful magnet very close (in contact with the skin). It also requires a dedicated machine to do the controlling and that has to be no further than 3 metres away. It resembles a conventional laptop except it doesn't have a keyboard or mouse. The software is dedicated, not generic and runs on Linux. You would also need considerable training to use it. The technician I see told me it took 12 months to train her assistant who was already trained in more general medicinal care.
"Not connected to the Internet" but connected to a VPN means two things:
1. there's only one more layer of security to get through to attack such devices
2. there's likely zero security on the device itself because the VPN is seen as sufficient
and for a bonus
3. you can scratch the first two letters of IoT
I would tend to believe a former healthcare professional when she speaks in the context of cybersecurity that these devices don't need to be connected.
"there's only one more layer of security to get through to attack such devices"
Don't use the same hardware running on top of the same software in all the hospitals on the planet. As in nature you end up with a monoculture. And yes it is technically possible to provide the same functionality using a mix of different hardware/software. This only became a problem when we were stuck with the current duopoly.
"Don't use the same hardware running on top of the same software in all the hospitals on the planet. As in nature you end up with a monoculture. And yes it is technically possible to provide the same functionality using a mix of different hardware/software. This only became a problem when we were stuck with the current duopoly."
But now you've raised the maintenance costs since now you have to cater to multiple different configurations, which means (1) budget strains and (2) more openings for Murphy. IOW, diversification just ran smack into KISS.
I wonder a little if the generic IoT label is a good idea here.
Some sort of IP connection should be reliable tech, and save a lot of trouble. Being able to connect to a remote device for making reports is an advantage. But an Internet of Medical Devices is not the same as an Internet of Lightbulbs.
And that is why I think it matters that the lady has had a long nursing career. Useful security depends on knowing the business you're securing, and too often the whole internet is plagued by the bright ideas of geeks who don't know the business they're having ideas about.
Well, I recently made an appointment with a local hospital clinic. 2 days later I received an invoice so, not being that gullible, I contacted the hospital and reported it. 1 week later my appointment was re-arranged, you guessed it, another invoice. Which I also reported. 1 week later I got a thank you call from the hospital IT, they had found and deleted the virus.
Imagine this was a nasty virus in some sort of cardiac machine that was needlessly connected 24/7 that wasn't used for a few days and then... Most machines would only need to connect to the network at certain times, i.e. when actually in use, or to download/upload results.
The trouble with your proposed scenario is that a cardiac monitor actually IS one type of device that WOULD need a 24/7 connection, for the simple reason that it has to operate on a panic trigger. If things hit the fan, time is of the essence, and if you DO suffer a heart attack, you're probably not going to be in any condition to trigger any kind of panic button. Same would be true of any other kind of emergency monitor because they'd essentially ALWAYS be in use.
"The trouble with your proposed scenario is that a cardiac monitor actually IS one type of device that WOULD need a 24/7 connection, for the simple reason that it has to operate on a panic trigger."
You're obviously not familiar with the devices. The transmitter that sends info from the device to the cardiology team via the telephone lines sits on the head of my bed. It has a range of ~ 3 metres. The messages the receiving system sends to the cardiologist are SMS and/or emails.
Built into the device is a defibrillator that resets the heart if it goes into fibrillation. No need for any other defibrillator + person trained in defib use required.