What You Don’t See Can Hurt You: Medical Device Security


After working in the medical equipment security field for the past several years, I have heard a familiar phrase: “We don’t need security. We’ve never had a problem.” To which I always respond, “Have you looked to see if you have a problem?” And the answer has always been “No.”

The problem with not looking to see if you have a problem is that you could have a major problem with your medical devices and have no idea. If your medical equipment were infected with malware, it could be possible that they’re sharing the malware between each device. The malware might not meaningfully affect one device, but a new device that comes onto your network could be the next target that does have a meaningful effect.

Another issue that has been seen in American hospitals is that a device could simply lock up and sometimes request a monetary payment to unlock the device. Of course, never pay the criminals to unlock the device. Call CE-Tech and we’ll help you get that device repaired properly. The criminals often take the money and run, leaving you with a still-broken machine.

The worst issue I’ve seen was a nasty virus that could randomly manipulate a computer’s memory. In this particular case, the memory alterations manifest themselves as patient alarms spontaneously changing to random values.

Because most medical devices don’t have virus scanners installed, it’s not uncommon for a virus to reside on a device or two. But there are things you can do.

First and foremost, don’t connect anything that doesn’t need to be connected.

Second, be sure that connected devices that you purchase have robust security options.

And third, for larger companies, you can install an Internet of Things (IoT ) Security solution, like Palo-Alto’s Zingbox. With Zingbox, you can be alerted to any suspicious network activity coming to or from your medical devices. Along with the alert, you can also set up a response to the alert – like cutting off its network traffic.

If you need any help figuring out your security posture and planning for the future, let us at CE-Tech know.


Written By: IT Manager, Ben Archambault