Posted on Jul 26, 2017
A major medical device maker's unique approach to data security
Posted >1 y ago
Responses: 2
Great article. I have been asking questions about cybersecurity for the IoT for a while and frankly haven't gotten good answers. The medical device security I find particularly disturbing. If someone hacks my thermostat, they can change the temp in my house, but if they access a medical device it could be a life or death situation.
MGySgt (Join to see)
I would recommend following Billy Rios. He's a former Marine and current ANG Major and was one of the primary individuals forging the path for medical device hardening. Try this article to start: https://www.wired.com/2015/06/hackers-can-send-fatal-doses-hospital-drug-pumps/
Hacker Can Send Fatal Dose to Hospital Drug Pumps
A hacker could change the dosages of drugs delivered to patients and alter the display screens on the pumps to indicate a safe dosage was being delivered when it wasn't.
LTC (Join to see)
MGySgt (Join to see) - Great article. I wonder when I hear responses like Rios received from this manufacturer if the management at the company has any clue what products they are selling or how they work.
MGySgt (Join to see)
LTC (Join to see) - They do! One of the battles Rios faced was that he revealed all the vulnerabilities he found to the vendors. He spent his own money to purchase these products from eBay and sent his discoveries to the vendors (initially Alaris), which were ignored... on the MULTIPLE times he reported them! Their excuse was (and continues to be to this day) the fixes would break their FDA certification. I attended HiMSS and an FDA rep confirmed that securing the devices would NOT break vendors' certifications. He followed this statement by encouraging vendors to perform said updates. Rios followed the ignored findings by bringing it to the FDA itself; this took three times for the FDA to begin enforcing device hardening to occur.
I am attending BSides and DEF CON this week, and the InfoSec guys know this is a problem. Lots of interesting talks about this. Scary as we get older.