Connect with us

Gadgets

Cybersecurity report recommends test-hacking medical devices before and after release

Test-hacking medical devices and systems before and after release is a great way to boost security and privacy for customers.

Pacemaker

Test-hacking medical devices and systems before and after release is a great way to boost security and privacy for customers.


[dropcap]C[/dropcap]yber security and privacy are extremely important, especially when it comes to sensitive information like patient health records, financial data and personal identification information. With so many high-profile hacks happening across various industries lately, including several in the healthcare sector, it’s essential that everyone put more of an emphasis on protecting this data.

Security in the Healthcare Industry

Breaches have already happened at companies like Anthem and Premera BlueCross, resulting in the potential release of more than 91 million American health records. According to a report from the Institute for Critical Infrastructure Technology (ICIT), the healthcare industry is targeted the most in the U.S. by cyber criminals, despite the fact that it is the least prepared.

“The remainder of the healthcare sector needs to learn from these prolific breaches before their organizations are the next to fall and place patients at risk. Cyber security reform must encompass the people in the organization, the policies, and procedures in place and the technologies deployed,” claim the report’s authors.

This is disconcerting to say the least. Something definitely needs to be done to bolster security in the sector.

One of the best ways to protect against a security breach is to hire skilled hackers to break into a network or device so these vulnerabilities can be identified and dealt with. Believe it or not, there are companies out there – like HackerOne – that do this with a goal to help top companies and brands lock down their systems.

Cue White Hat Hackers

White hat hackers are essentially the “good guys” of the industry. They are generally hackers or programmers that make their living through ethical means, specializing in computer and software security. They don’t always work with a particular company — sometimes they are the lone-wolf type. The important point is they don’t hack into systems or devices with the intent of causing harm. Instead, their goal is to find vulnerabilities and holes which may need to be patched in order to improve security. After finding a security flaw, they often provide the necessary documentation and aid to the system owner or admin to improve security.

The same report from the ICIT mentioned above posits the idea of using white hat hackers to test medical devices before and after their release for inherent security flaws. Testing hackable devices and systems, such as infusion systems, pacemakers and MRI machines, before their release is not that much of a problem. However, doing it after — when a system is online and in use — could cause some issues.

This can be fixed through the use of cost-effective ongoing system maintenance programs. They ensure the system or device in question is not taken out of commission, and yet the proper techs still have the ability to make the necessary changes. In this case, IT professionals have the opportunity to lock down an insecure system without taking it completely offline.
Test-Hacking Is the Future of Cybersecurity

Still, the ultimate goal is to allow skilled hackers the opportunity to break open your device or system, pointing out serious problems. HackerOne is a free platform that allows the appropriate parties to do this sort of thing, but the interesting part is that it’s not just “professionals,” so to speak. Instead, anyone who has the wherewithal can join the platform, and it relies on a tight-knit community to solve security problems.

“We are the Uber of security, but instead of offering cabs, we offer ethical hackers,” says Marten Mickos, the CEO of HackerOne.

“We represent the next natural step in security and a shift in thinking,” Mickos claims. “Security used to be done in secret and only with those who had clearance. Now the idea is ‘keep your secrets in the safe, but let the community see your product.’ And the community will complement your staff, not replace it.”

In other words, by allowing hackers to find these flaws and vulnerabilities, you can patch the holes and make your device or system that much more secure. Just as the ICIT report claims, test-hacking medical devices and systems before and after release is a great way to boost security and privacy for customers.

Advertisement

More in Gadgets