Doctor urges fellow practitioners to help design safer medical Internet of Things (IoT)

Physicians have joined security experts in the crusade against flawed medical IoT devices, urging fellow practitioners to help vendors design safer hardware for connected healthcare – an area where even the smallest vulnerability can claim lives.

Dr. Christian Dameff of the UC San Diego medical school, speaking at the Security of Things USA convention, raised serious concerns about the state of connected medical devices.

A white-hat hacker and Internet of Things (IoT) medical security expert, Dr. Dameff agrees that connected devices work wonders in automating and speeding up medical care. However, these new abilities come with serious caveats that make them hackable by outside agents.

Dr. Dameff is calling on fellow physicians to help identify weak points in connected medical devices and enable vendors to plug these holes, both before and after the devices leave the factory – by enabling the hardware to receive important security patches at a firmware level.

“Software powers modern healthcare. It is as essential as antibiotics, x-rays and surgery combined,” he said. “Without our technical systems, doctors today are essentially helpless for taking care of strokes, heart attacks and traumas.”

“What surrounds the patient are dozens of wirelessly connected devices that are running legacy operating systems, that are unpatched, that have hard-coded credentials you can Google – that are controlling potent medications being infused into this patient that, if miscalculated or altered, can cause this patient to die. That is the state of modern healthcare IoT. We need to change it.”

“Have them [IoT vendors] help you identify points of your product that, if it should fail, would result in patient harm, not just a compromise of their medical health information,” Dameff added.

A recent study by The Security Ledger and LogMeIn suggests IoT device makers have a distorted perception of the consumer’s security needs. Vendors typically worry about risks from a sophisticated threat actor, rather than a less-skilled attacker. Ironically, it’s the latter who does the most damage, research shows.

Earlier this year, Deloitte audited 370 professionals in the medical device/IoT ecosystem and learned that one in three IoT medical device makers had been the target of a cyber-attack in the past 12 months.