Medical Device Security in the IoT Age

Medical devices save lives, but as wireless technology continues its exponential growth, these devices often utilize these technologies to connect to the hospital network. As a result of this connectedness, networks face numerous security vulnerabilities due to security issues with the devices and software used to process the medical information and operate the device. Additionally, medical devices often fall outside the scope of normal IT discovery scans, and there are numerous issues with these IP connected devices because they lack updated software patching. As a result, vulnerabilities to the hospital network are magnified by the inability to not only locate the devices, but also, if the device is captured on the network, issues arise with patching and the ability to load updates to software with respect to the Food and Drug Administration (FDA) Regulations. Antiquated procedures and lack of a security focus on the part of medical device manufacturers has created tremendous risk that needs to be balanced between potentially life-saving technologies and security for patients on multiple levels. The analysis of this paper will focus on the issues inherent with the current process of discovery, the updating and patching of vulnerable software processes, manufacturer responsibilities, and potential interim solutions for healthcare providers that can help identify risks as we wait for changes to the current FDA processes and provide steps that healthcare providers can take in the interim to protect their networks.