A hacked insulin pump is the last thing a diabetic wants to worry about when life-saving fluids are pumped into their body. Sadly, concerns about medical device IT security are a healthcare reality.
Last year, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued more than a half-dozen warnings tied to connected drug pumps alone. Vulnerabilities found in pumps made by Baxter International and Becton Dickinson Alaris System, for example, could be exploited to launch a DDoS attack, alter system configurations or siphon off patient data.
Cybersecurity has also become a major theme for the Federal Drug Administration, which oversees medical-device safety. In 2020, the FDA issued a flurry of warnings urging medical device-makers and hospitals to patch their hardware against a slew of vulnerabilities, ranging from SweynTooth and URGENT/11 to Ripple20 and SigRed.