by bdelay 2771 days ago
My guess is that yes, absolutely, but very few people know about it / a doctor or nurse was blamed.

Medical system security does not seem very good. When I was operating in the area a while back, one comment I kept seeing was similar to yours. "Yes, the security is bad, but the good these devices do outweighs the bad."

I agree with that, but my follow-up has always been, why can't these devices continue to help patients, but in a secure way? The manufacturers really don't want to spend the money to try and have some form of a security posture?

Rhetorical question. At the end of the day, my pessimistic view is that nothing will happen until some firm finally proves that there has been a high profile attack, there is an ensuing media firestorm, and the regulation process starts happening.

The problem with them is the same as DRM essentially - you have to keep it accessible to everyone and not accessible at the exact same time. The key management is a nightmare.

I believe the best compromise would require forward thinking leadership and design. Make medical devices that must or would be served by communication and control short range by design. Ideally it could be turned off by the patient but close range enough that a doctor can access it while the patient is in no position to assist. The added danger is minimal given that anyone that close who wanted them dead could just murder them in other ways.

Have a centralized registry of valid public keys - there are debates about who should have one but that is a whole other topic. The point being that nonrepudiation - an audit trail will be left which means in cases of malfeasance the entity corresponding is the one responsible - either directly or by letting their key get compromised. The practical pain is the logistics of course.

But unlike most modern drm, you have to do it without network access. You cannot even assume the ability to deliver updates.
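The registry-plus-audit-trail design sketched in this comment, as an added Go example that is not from the thread: a device carries a provisioned map of clinician identities to Ed25519 public keys (no network needed at verification time), accepts only commands whose signature verifies under a registered key, and records which key authorized each accepted command so it is attributable afterwards. The identity "dr-example" and the command strings are constructed sample values.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

// Registry maps a clinician identity to the public key the device trusts.
// It would be provisioned before deployment, since the device cannot
// assume network access or the ability to receive updates.
type Registry map[string]ed25519.PublicKey

// AuditRecord is what the device retains for nonrepudiation:
// who authorized which command, and the signature that proves it.
type AuditRecord struct {
	Signer  string
	Command string
	Sig     string
}

// Sign produces the signed command a clinician's controller would send.
func Sign(priv ed25519.PrivateKey, cmd string) []byte {
	return ed25519.Sign(priv, []byte(cmd))
}

// Verify checks a command against the registry and returns the audit
// record to append on success. Unknown signers and signatures that do not
// verify are rejected, so every accepted command traces to one registered key.
func Verify(reg Registry, signer, cmd string, sig []byte) (AuditRecord, error) {
	pub, ok := reg[signer]
	if !ok {
		return AuditRecord{}, errors.New("signer not in registry")
	}
	if !ed25519.Verify(pub, []byte(cmd), sig) {
		return AuditRecord{}, errors.New("signature does not verify")
	}
	return AuditRecord{Signer: signer, Command: cmd, Sig: hex.EncodeToString(sig)}, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	reg := Registry{"dr-example": pub} // constructed sample identity
	sig := Sign(priv, "set-rate:70")
	rec, err := Verify(reg, "dr-example", "set-rate:70", sig)
	fmt.Println(rec, err) // accepted, with an audit record
	_, err = Verify(reg, "dr-example", "set-rate:90", sig) // altered command
	fmt.Println(err) // rejected: signature does not verify
}
```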

Medical device security was pretty decent in 1997 at the company I worked for. Until we ported everything to NT from a variety of *NIX OS's. Then it became non-existent.
> I agree with that, but my follow-up has always been, why can't these devices continue to help patients, but in a secure way? The manufacturers really don't want to spend the money to try and have some form of a security posture?

I speculate the truth is benign; security isn't a top feature for many development shops.

> why can't these devices continue to help patients, but in a secure way

My guess is that they are subject to the usual security vs. convenience trade-off: more security means more time and money spent gaining access to the devices for legitimate actors (e.g. nurses), which means some additional patient lives will be damaged or even lost.

Of course, that may be well justified depending on how much dangerous or malicious hacking there is.