WattsUpDoc detects medical-device malware

Homeland Security and the FDA have warned medical device makers about security holes and the growing problem with malware. A new detector looks for subtle changes in power usage.
Written by Janet Fang, Contributor

Many medical devices utilize wireless technology. While there’s plenty of evidence that it’s possible to seize control of medical implants from a distance... there’s just no evidence that’s ever happened, Businessweek explains.

Medical hacking entered the public eye in 2011, when hackers began showing it was possible. Jay Radcliffe, a computer security expert working for IBM, delivered a presentation at a hacking conference showing that he could take control of an insulin pump and manipulate the amount of insulin it provided, potentially killing the user.

Considering the varying rates of technical innovation among hackers, medical companies, and regulators, it’s likely that the healthcare industry will stay at least a half-step behind.

In addition to implants, hospital devices -- such as pregnancy monitors and picture-storage systems for MRIs -- are also vulnerable to infection since they’re connected to the internet.

But here’s good news! Researchers from the medical-device security team at University of Michigan have figured out a way to spot malware on hospital equipment -- by noting subtle changes in their power consumption, Technology Review reports.

WattsUpDoc [pdf] could give hospital IT a quick way to spot equipment with dangerous vulnerabilities and take them offline -- even if the exact virus isn't identified. The key is getting a very detailed profile of normal usage and being able to detect changes while avoiding false alarms.

They tested the device on deliberately infected compounders (for mixing drugs). The device detected abnormal activity more than 94 percent of the time if it had been trained to recognize that malware, and between 84 and 91 percent with previously unseen malware. It could be commercialized in a year.

[Via Technology Review, Businessweek]

Image: Wikimedia

This post was originally published on Smartplanet.com

Editorial standards