Delfigo Security - Strong Authentication

  • Increase font size
  • Default font size
  • Decrease font size
Home IAMblog Security Vulnerabilities Are Medical Devices a Cyber Security Threat?

Are Medical Devices a Cyber Security Threat?

We often associate cyber security risks with the devices we have seen get "hacked" - Laptops, email accounts, mobile phones etc. are typically at the forefront of our minds when we think about this risk because we are likely to have experiences one of these devices being compromised. But an ever growing number of devices for our homes, lives and even our health are online now. This IoT environment means that awareness of the risks associated with compromising these devices be discussed in the same context as the risks we are familiar with now. Medical devices are one kind of device to which this applies:

"Medical devices are just the latest in a growing list of Internet of Things that are at risk for potential hacks. On the surface, it may seem almost foolish to worry that some stranger will want to control a person’s insulin dosage or shut off a pacemaker or manipulate health data, but we also wondered why anyone would want to hack into cloud storage to steal compromising photos of actresses or someone would stage a major attack on an entertainment company in retaliation for a movie. If something can be hacked, it will be hacked. If for no other reason, this puts medical devices and the patients who rely on them at great risk.

Like virtually every device connected to a network, medical equipment was never designed with cyber security in mind. However, thanks to the Food and Drug Administration’s new guidelines, that will change. Manufacturers are now instructed to build cyber security functionality into new medical devices. How these cyber security functions will be addressed will depend on the device itself – its intended use, overall vulnerability concerns, and risks to the patient, for instance. The guidelines go on to list the types of cyber security functions that should be included, such as layered authentication levels and timed usage sessions that ensure the device isn’t connected to the network any longer than necessary" says Sue Porembra for

Broadening our sense of what devices pose a risk will help us collectively design technologies and solutions that will protect us against this kind of threat. While there is no silver bullet, it's time we started viewing the issue in a much more inclusive way, as more and more kind of devices go online.