sb-au logo
Story image

Connected medical devices to drive cybersecurity market

09 Oct 2019

The market for cybersecurity solutions will experience a marked increase in value over the next two years, due in part to a need for connected medical devices to have better security.

According to analyst firm GlobalData, the global cybersecurity market will be worth US$143 billion in 2021, up from $114 billion in 2017.

Recently the United States Food and Drug Administration (FDA) released a bulletin about 11 security vulnerabilities that could leave connected medical devices open to exploitation by remote attackers.

GlobalData explains that the URGENT/11 vulnerabilities allow attackers to remotely take over internet-connected devices, bypassing perimeter security measures such as firewalls. As a result, the vulnerabilities can be used to propagate malware within networks and between different connected devices.

“Using these weaknesses, a remote user could take control of a medical device and change its function, cause information leaks, or shut down the machine entirely. An attacker could hijack a patient monitor in a hospital and record patient data or even fake an emergency such as cardiac flat-line.”

According to GlobalData senior immunology analyst Rose Joachim, the ‘URGENT/11’ vulnerabilities illustrate that there are extreme vulnerabilities, even if the FDA says there have not yet been any reported attacks.

“Although this new level of connectivity is transforming patient care, close attention must be given to the design of these devices and the software on which they run. With the increasing usage of big data in monitoring patient health, medical devices are steadily becoming more connected to the internet, demonstrating the growing importance of cybersecurity solutions in the healthcare industry.”

The URGENT/11 vulnerabilities were discovered by a cybersecurity firm called Armis, which specialises in security for connected devices and the internet of things.

GlobalData explains that the weak code was identified in IPnet, which is a third-party software component that helps support network communications between computers. The IPnet software is currently owned by Wind River and used in the company’s real time operating system (RTOS), VxWorks.

RTOSs are built to process data in real time with high reliability and accuracy—a function crucial to many devices used in the healthcare sector, such as patient monitors and infusion pumps,” explains Joachim.

 “Luckily, it appears the URGENT/11 vulnerabilities were identified before any great harm could be done,” she continues.

“Many parties have already begun to identify risks and implement remedial solutions such as software patches. However, it cannot be ignored that these large-scale software issues are occurring more and more frequently, highlighting the vital importance of cybersecurity products and services in protecting the more connected healthcare systems of the future.”

Story image
COVID-related email subjects biggest threat in phishing scams
Coronavirus-related email subjects remain the biggest threat in phishing scams, a new study has found.More
Story image
Revealed: Imperva publishes research on decade old botnet, responsible for millions of attacks
Imperva Research Labs has revealed findings of a six-month intensive investigation into a botnet that has been exploiting CMS vulnerabilities.More
Story image
How cyber-attackers use Microsoft 365 tools to steal data
Vectra security research has recently identified how cyber-attackers use Microsoft Office 365 tools against organisations to steal data and take over accounts.More
Story image
Why IT and HR must work together to help businesses weather the storm
Employers are striving to balance team productivity, security and employee engagement. If remote work is the new norm, it’s impossible to ignore the challenging nature of the situation, writes Gigamon manager for A/NZ George Tsoukas.More
Story image
Video: 10 Minute IT Jams - protecting data with user behaviour analytics
In this video, Forcepoint senior sales engineer and solutions architect Matthew Bant discusses the company's DLP solution, the importance of integrating compliance into security solutions, and why cybersecurity strategies should take a more people-based approach.More
Link image
Save the date: 28 October is the day your CX will be supercharged
Learn from the experts at Zendesk and ESG to find out how you can supercharge your customer experience approach in this exclusive online event! Register now.More