Holy Heart Attack Batman! It’s amazing how much software touches every aspect of our daily life, from the furnace in our homes to pacemakers. Software intensive systems alone have an element of risk to them. However, once these systems are connected to a network and “on the grid,” there’s a whole new risk involved with these systems – cyber security.
The referenced article from Reuters discusses the FDA’s recent warning about the vulnerability of medical devices connected to a network. The article cites research stating that medical devices connected to a hospital’s network can be taken over and manipulated by the controller – without the hospital staff knowing. Yikes!
I know you’re thinking some of the same crazy things I’m thinking. Imagine a patient in the ICU on an air ventilator, who is also receiving medication via the IV infusion pump. Both machines are connected to the hospital network and monitored centrally at the nurse’s station, so in theory, they are “on the grid.” What’s to prevent a hacker from developing a virus to specifically target such devices and implement malicious behavior, such as shutting down the ventilator or increasing the dosage of medication to our fictitious patient? According to this article, nothing is really stopping that from happening. That’s not only crazy but also scary.
Now, let’s reel the crazy back in and look at reality. This is a wake-up call, not only to the medical device industry, but to all industries making network enabled products. If a product is “on the grid,” it’s a target for hackers and measures need to be taken to protect customers from malicious attacks. One of the common mistakes we see hardware-centric companies make is under-investing in their software capabilities because they don’t understand software but know it adds a lot to their bottom line. They’re hooked on the revenue.
For example, let’s add an LCD display to refrigerators, connecting your Tumblr, Facebook and Pinterest accounts to it, along with a calendar, to-do lists, grocery lists, etc. The maker of the fridge can pump up the price $600 - $1,000 with this new sexy feature. Sounds great – until someone finds a way to connect in through your unsecured home network and shut down your fridge, resulting in a loss of $1,000 worth of perishables.
I’m sure we could come up with hundreds of examples. Again, from our cars to TVs, everything is becoming a target.
For the executives of such companies who might be reading this, from all of us consumers out here, be in it to win it! Don’t treat software and software security as second-class citizens. Your brand can’t afford to take the hit and we can’t afford to become mass targets of opportunities.
Until my next post, stay healthy and out of hospitals!
ProServices, Vice President