AAMI News February 2018

Security Expert Looks to Improve Trustworthiness of Medical Devices

Kevin Fu
Kevin Fu

Many predicted that 2017 would be the “year of ransomware,” and with the deployment of large-scale, high-profile attacks such as WannaCry and Petya/NotPetya, that was indeed true. So what cybersecurity vulnerabilities await in 2018, and are healthcare delivery organizations and medical device manufacturers prepared?

To find out, AAMI News talked with medical device cybersecurity expert Kevin Fu, chief scientist at Virta Labs, Inc. Fu was just named an IEEE Fellow “for contributions to embedded and medical device security.” He also is the director of the Archimedes Center for Medical Device Security and the Security and Privacy Research Group at the University of Michigan in Ann Arbor.

Q: How would you rate the healthcare industry’s cyber-preparedness going into 2018?

I’d give it a B-minus. I think the problem is we still don’t have a good grip on the security of our inventory of medical devices—and it’s hard to protect what you don’t know you have. We need to get a better handle on what’s out there—from every software version to its location.

Q: What new threats do you see on the horizon?

I think ransomware is still going to have an impact in the short term, but I also am concerned about the integrity of sensors. Finally, I’m concerned about medical records being tampered with. It’s possible that, in the future, we will have a hard time understanding the trustworthiness of the chart data we use to treat and diagnose patients.

Q: What implications could your research have for medical devices in the future?

It’s all about being able to give confidence to patients in the trustworthiness of a device so they don’t need to worry about the hackers and can rest assured that the device will function safely and effectively despite cybersecurity risks.