“The big problem is that hospitals don’t buy new devices, and they keep using really dangerous ones ad infinitum — until they just stop working,” Corman said.
Corman wants these old, unsecured devices gone from hospitals. The fear is that, beyond freezing systems or hijacking medical records as they did during WannaCry, hackers could also actively manipulate medical equipment to harm patients by, say, administering a lethal dose of medication via an infusion pump. While newer devices aren’t ironclad, they are typically built with more robust security features. So Corman and others are urging health-care providers to scrap old, or “legacy,” equipment and replace it with newer models.
To nudge health-care providers to trade up, he’s put forth an idea for an incentive program akin to “Cash for Clunkers,” the 2009 federal auto-rebate plan that aimed to run gas-guzzling cars off the road. Under that program, which was formally called the Car Allowance Rebate System, people received cash in exchange for turning in fuel-inefficient vehicles, which they could then put toward new, more efficient ones. (The program fizzled after a few months, when it depleted its allotted budget.) Similarly, in this version, health-care providers would be compensated for junking old equipment, and could use the rebates toward the purchase of new devices. Corman said he hasn’t fully worked out the economics, but he believes device makers might be willing to subsidize the program in part, since it would help them move inventory.