IoT security warning: Cyber-attacks on medical devices could put patients at risk

[LASER_oneXM]

More collaboration is needed in order to ensure internet-connected medical devices can't cause harm to patients, says research.


Poor cybersecurity in Internet of Things (IoT) medical devices potentially poses risks to both the wellbeing of patients as well as to the infrastructure that keeps hospitals running.

The Royal Academy of Engineering worked alongside the Petras Internet of Things research hub to produce a report on IoT, cyber-safety, and reliance -- and the message is that more work needs to be done to improve the security of connected systems.

While noting that connected and implanted medical devices -- including cardiac pacemakers, drug administration devices, and monitoring devices, as well as infusion pumps, defibrillators, glucometers, and blood pressure measurement devices -- can help patient care, the Cyber safety and resilience report also highlights the connectivity inherent in these devices also bring risks.

Cyber-attacks on connected devices could therefore result in "severe consequences on patient safety", which could even result in injury or worse.

The risk of cyber-attacks against hospitals and the disruption which can be caused to medical systems and devices by cybercriminals was demonstrated by last year's WannaCry ransomware attack, which took some hospital IT systems down for weeks.

However, it isn't just malicious attacks and hacking of connected devices which could risk patient safety: events such as natural disasters or failure of components or even critical infrastructure could result in damage being done.