Technology is never more integrated with human life than when it is relied upon for healthcare and survival. The healthcare sector is laden with devices, some for simple uses, and others on which the heart relies to keep beating.
A frightening dynamic is formed when combining this truth with the fact that healthcare is rife with cyber security frailty, placing human lives in the line of fire.
David Kleidermacher, Chief Security Officer at BlackBerry, told CBR: “What makes the news today are these ransomware attacks and how to protect personal, private healthcare information. While all of that is important, there is another perhaps more insidious risk that doesn’t get as many headlines, as many of these connected devices are connected to people. I don’t want to panic patients, or tell them to stop using devices that are connected to the insulin pumps or the drug dispensing machines, but the vast majority of what we use today is hopelessly insecure.”
Although the BlackBerry CSO does not want to cause widespread panic, the truth is that hackers are increasingly targeting areas that will strike the most fear, or cost the establishment or organisations the greatest damage. It is healthcare, Mr Kleidermacher argues, that is second to none when it comes to endangering human lives, with the only target that could come close to sharing the same gravity being connected vehicles.
“There is actually a path; there is literally a connected line of a network connecting the internet where the bad people are to the St Jude pacemakers that are planted next to the human heart. You can actually connect to a pacemaker and kill somebody because you can deplete its battery. When you kill the battery on a pacemaker the patient dies, and people don’t know that, but that is what happens.”
However, there is no quick cyber security fix for the healthcare sector – a sector notorious for its reliance on legacy systems and tight budgets.
“Hospitals and other healthcare providers can’t just wholesale replace every single infusion pump with something new, they just can’t do that,” Mr Kleidermacher told CBR.
“We have got to raise the bar; we really have to raise the bar on security in these devices and patients, caregivers, the market, everybody, all the stakeholders deserve to know the posture of these systems.”
Although replacing entire systems is not possible, new approaches must be taken to tackle the problem, and Mr Kleidermacher believes there must be a cultural shift to adjust to the threat landscape.
“The part that is really missing culturally is this demand to have a kind of nutritional label, like a label on food that says this thing has been evaluated for its contents and we think it is safe. That sort of thing does not exist for medical devices, let alone other devices. Organisations like the FDA and other similar regulatory bodies across the world need to step up and say it is not just enough to take the medical manufacturer for their word.”
Mr Kleidermacher runs through the necessary steps that must be taken as a start to finding a solution to the threats that run rampant through networks and systems. Presenting the foundation components for the task ahead, he said: “You cannot raise the bar on security if you don’t first know how to measure its height, but then once you have that it becomes obvious as to what you have to do. You need better encryption of course, and better authentication.”
The fact of the matter is that a crucial and sensitive component of society globally is among the most vulnerable targets for attack, and ultimately the message put across by Mr Kleidermacher is that “you have to figure out a way to isolate those critical systems from the wild Wild West of the internet.”