The healthcare industry has become a very popular target among cyber criminals in recent years. It is estimated that this industry is one of the most profitable for cyber criminals to exploit. The enormous value of personal records from patients paired with relatively relaxed security measures, makes this industry a very attractive target. Moreover, the increase of insecure connected embedded medical devices has changed the threat landscape considerably.
Insulin pumps and pacemakers are examples of two medical devices that have been demonstrated to be vulnerable to remote attacks that would have certainly caused the death of the patients that use them. A few years ago security professional Barnaby Jack publicly demonstrated how these devices could be remotely scanned, accessed and controlled at a safe distance from the target. An increasing number of connected medical devices are rapidly being produced for hospitals as well as patients, considerably widening the attack surface for malicious adversaries.
Regulatory bodies usually place stringent requirements on the reliability and certification of medical devices. In many cases, security updates for the operating system or other components are out of the question for reasons of certification. Moreover, the options for changing settings are usually deliberately restricted. This presents a big challenge for vendors as it is more difficult to patch security vulnerabilities in these devices.
This industry has recently seen a rapid increase of connected services that enable patients better and faster access to healthcare. Medical professionals, hospitals and insurance companies are handling digital data from patients at an ever growing rate. Recent ransomware attacks in clinics and hospitals that resulted in the loss of data and service to patients for days or even weeks, have highlighted the dire need to improve and modernize the security of systems and networks.
At Blue Frost Security we have the expertise to thoroughly test medical devices by reverse engineering embedded firmware, reviewing proprietary protocols and/or manually auditing source code in order to uncover security vulnerabilities that could be used by attackers to cause harm. Additionally, we have years of experience in testing digital services that could be leveraged to steal private records of patients. Moreover, with our Offensive Threat Intelligence service we can track new threats that your systems are facing and continuously test them to ensure that your business is protected at all times.