Cyber Security For Networked Medical Devices
It has never been more important to integrate safety and security features into networked systems than today when the Internet of Things takes shape and a technologically advanced threat landscape has evolved. This is especially true for medical devices – in the hospital, at the patient’s home or even implanted – because it’s about protecting sensitive data and protecting human lives.
Over the last 30 years, aviation has transitioned from conventional mechanical flight controls to digital, computer-controlled fly-by-wire flight control. More recently, the automotive industry has identified comparable potential under the slogan “drive-by-wire.” The analogous approach, commonly known as “X-by-wire,” is also suitable for the medical device industry. After all, almost all functionality and complexity in today's medical devices is made possible by software. As the software becomes more complex, functional safety and IT security of medical devices must become a top priority right from the design stage.
The Internet of Things (IoT)
Billions of networked devices, such as USB oscilloscopes or heart rate monitors, are currently operational, and the latest technologies are projected to become operational within the next decade. Against this background, it is almost unimaginable not to take the value of increasing networking into account when planning most new embedded medical designs. Products developed with integrated Internet connectivity have made incredible advances in care and telemedicine possible. This connectivity allows networked medical devices to be used to diagnose, monitor and treat patients remotely.
Healthcare in the crosshairs of cyber threats
Despite the many innovations that have emerged from the growing number of networked devices and from telemedicine, the medical industry has recently been the target of numerous cyber-attacks that have significantly impaired patient care and have cost the industry millions of dollars to recover from. The cost of managing an attack may include the payment of ransom demands and the expense of litigation involving affected parties. Hospitals can also be held liable for violations of data protection laws such as HIPAA (US) and GDPR (EU), which may result in penalties in the millions. Cybercriminals use medical devices connected to vulnerable networks as an entry point to install malware in hospital networks.
Medical devices that are already connected to hospital networks through TCP/IP or Wi-Fi/Bluetooth communication capabilities typically do not have secure networking, and their operating software has not been thoroughly tested for anomalies. Each connected device may be affected by security vulnerabilities. Imaging systems, life support systems, implantable pacemakers and defibrillators, and many other networked medical devices are potential targets for cybercriminals. Also, due to the lack of stringent software coding standards for medical devices, many of these products contain bugs in their software and their host operating systems that may prove to be weak points. When a cybercriminal discovers vulnerability,
The goal of an exploit is to take over a device on the network, use it as a portal for installing malware and ransomware in the healthcare network, use it to steal electronic health records, or influence the operation of a device in such a way that patients are harmed. All it takes is one unsecured medical device on the network to give cybercriminals the weakness that allows them open access to the system and the greatest possible chaos. With all current embedded designs for medical devices, manufacturers need to secure the communication ports of their connected devices and use operating systems that provide the necessary security and protection for vital applications.
Hacking technology is also progressing
Currently, hackers are developing and testing ransomware attacks that propagate hundreds of times faster by using the computer’s GPU (graphics processing unit) to encrypt the target files with malware. GPU-accelerated computing moves the computationally intensive parts of an application to the graphics processor while the rest of the code continues to run on the CPU. Applications, whether good or bad, have ever shorter run times, which makes it increasingly difficult for existing anti-malware tools to intercept and block spreading ransomware. It is, therefore, to be expected that attacks will be even more difficult to ward off in the future than in the past.
An unspoken reality
However, there is a much grimmer reality we need to be aware of: how will we react when the next ransom demand is not about unlocking encrypted computers, but about the lives of loved ones, in hospitals or even at home, endangered through networked medical devices? Hackers can use a medical device, such as an infusion pump, as a weapon to harm or cause death to patients. If a hacker gains access to a device on a hospital network, they can very likely access all devices on that network with the same exploit.
Infusion pumps make up the largest number of networked medical devices in use and present the most extensive attack surface. Because of its vital function as a drug delivery system, the infusion pump is the most common threat to patients that can cause harm or death. Imaging and other supporting equipment typically uses a commercial off-the-shelf (COTS) operating system, such as Windows, to run its applications. These operating systems run an average of seven network applications per device and are the most susceptible to attacks. Typically, three of these applications communicate outside the hospital network.
The vulnerabilities of the network are not limited to hospitals. Patients walking around with Internet-enabled, implanted medical devices (pacemakers) or Internet-enabled handheld devices (insulin pumps) are also a potential target for cyber-terror. Millions of people around the world are thus at risk of suffering injuries as a result of an attack on, or a failure of, an implanted medical device.
The problem escalates
Especially for networked medical devices in the hospital or at the patient’s home, integrating safety and security functions is unavoidable today, because the technology for planting malware and ransomware is also continually evolving. The problem of security in medical technology mainly consists of three parts:
- Networked medical devices are currently manufactured without robust, competent cyber security.
- Medical device software is not subject to functional safety standards.
- Millions of medical devices and legacy hospital systems are installed in hospital networks that do not provide robust security.
The article by Green Hills Software provides an overview of the current safety situation and how systems can be retrofitted with safety features.
However, none of this is new information, as the number of incidents such as cyber-attacks is currently doubling each year. Product developers, computer specialists, and authors of standards that affect medical device software, as well as other stakeholders, are watching this increase in cybercrime. They are also the ones making numerous proposals to standardize, regulate and strengthen safety in medical systems. Many of these suggestions recommend using existing international standards to increase the safety of medical devices. Unfortunately, most of these proposed measures have not yet been implemented by the system manufacturers.
The solutions already exist
Over the last two decades, thousands of mission-critical and vital systems based on Green Hills Software’s Integrity RTOS (real-time operating system) have been deployed in military, aerospace, industrial, rail and marine applications and, most recently, in the automotive industry. The realization that electronic systems contain acute vulnerabilities, and that misuse can cause catastrophic damage and a risk to human life, has led to the development of advanced technologies with strict safeguards against failure conditions and high resistance to unauthorized access. Examples include Integrity RTOS (proprietary notation: INTEGRITY), in use since 1997, and Integrity Multivisor Secure Virtualization (2003).
Standard DO-178 Level A
The US Federal Aviation Administration (FAA) and the European Aviation Safety Agency (EASA) require the certification of aircraft to stringent standards, such as RTCA DO-178. Within this standard, critical avionics software systems are certified to DO-178 Level A. This standard protects against aircraft subsystems whose abnormal behavior could cause a “catastrophic failure condition.” It is the only appropriate safety standard if failure could result in significant loss of life or major property damage. The standard is used in vital and mission-critical systems for both civilian and military aircraft. Because it originated in highly safety-critical applications, DO-178 Level A is currently considered the most stringent and best-developed standard for applications requiring the highest level of security. Given the current climate of widespread cyber-terrorism, ransomware and data breaches, would it not be appropriate to hold all life- and mission-critical Internet of Things applications, including medical devices, to this level of security?
In the United States, the National Information Assurance Partnership (NIAP), under the joint sponsorship of the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA), has issued the Common Criteria for Information Technology Security Evaluation (also supported as ISO/IEC 15408). This international standard defines the evaluation assurance levels (EAL) from EAL1 (lowest level of assurance) to EAL7 (highest level of assurance). An EAL4-based system provides a level of security that protects against “moderate attempts to violate security”. General-purpose operating systems such as Windows, Linux, Android and others are only certified to EAL4. These operating systems experience regular hacker attacks, and developers report vulnerabilities on a daily basis. A vital device, such as an infusion pump, has to be secured to at least EAL6 in order to be safe from hackers and from attacks by foreign nation-states, despite their advanced systems. Products that provide these levels of security have been commercially available for years. These include, for example, the Green Hills Integrity-178, which received certification in 2008 according to Common Criteria EAL6+ High Robustness.
Retrofit systems in the hospital
Systems and medical devices currently installed in hospitals are unlikely to be upgraded with robust cyber security and rigorously tested application code and operating systems. However, Green Hills Software can provide secure, encrypted gateways that protect the devices and allow only communications from specific networked computers, tablets, or smartphones. For example, healthcare facilities can use this technology to secure an MRI scanner while still allowing communication to and from the network.
Since 1983, Green Hills Software has provided embedded software solutions that support all phases of system development in all industries. Green Hills Software has reached the highest levels of safety certification, including DO-178 Level A, IEC 61508 SIL 4, IEC 62304 and ISO 26262 ASIL D, and leverages over 35 years of experience to help the medical and other industries develop powerful and secure devices and systems that meet the demands of the market today and in the future. At the heart of the medical device platform is Green Hills Integrity RTOS, a robust separation kernel platform for full-featured applications. Together with Integrity Multivisor Secure Virtualization.