In the last few years we have seen an increase of high tech medical devices, including all flavors of communication capabilities. The need of hospitals and patients to transfer data from devices to a central health information system makes the use of a wide range of communication protocols absolutely essential. This results in an increasing complexity of these devices which also increases the attack surface of the equipment. Vendors of medical devices put a lot of effort into safety. This is especially true for devices with feedback to the patient, e.g. medical pumps, diagnostic systems and anesthesia machines. However, it is often forgotten that the security of these devices is a crucial part in also providing safety. An attacker who is able to gain unauthorized access to these devices may be able to endanger the health of patients. We decided to take a look at a few devices that are deployed in many major hospitals and probably in hospitals around the world. We focus on the security of these devices and the impact on the patient’s safety. The results will be presented in this talk.
Florian Grunow is a security analyst at ERNW. He holds a Master of Science degree in computer science with a focus on software engineering and medical devices.