Medical Device Security
1 view
Skip to first unread message
Mike Ahmadi
Apr 4, 2008, 11:14:48 AM4/4/08
to techal...@googlegroups.com
Some news sources
recently ran articles which spoke of a white hat exploit the Medical Device
Security Center performed (http://www.secure-medicine.org/),
where they were able to wirelessly reprogram a cardiac defibrillator to deliver
a potentially lethal shock. Several medical device companies responded by
stating that there were no know instances of such exploits in the real world,
and generally downplayed the significance of this. My company specializes
in integrating security (cryptographically based) into embedded systems, and we
have recently been working on projects with medical device companies who wish to
implement security in their devices. We have, however found that most
companies feel it is a great idea, yet do not want to "take the plunge" and move
forward with security in their devices. The articles describing the
exploit has created some new interest in what we are doing, and seems to have
moved this onto the radar screen of some organizations. I want to ask this
group if they are aware of the exploit, and if any of the organizations you are
involved in have demonstrated a concern with medical device and system security
? This is indeed meant to be, at least in part, a plug for what I am
doing. I am also truly curious as a newcomer to the world of healthcare
technology, as my world has mostly centered around non-healthcare industries,
and it is indeed a very different world.
____________
D. Mike Ahmadi
GraniteKey
Solid Foundations | Secure Solutions™
www.GraniteKey.com
P: (925) 413-4365
E: Mike....@GraniteKey.com
GraniteKey
Solid Foundations | Secure Solutions™
www.GraniteKey.com
P: (925) 413-4365
E: Mike....@GraniteKey.com
Thomas E. Canter
Apr 4, 2008, 12:52:40 PM4/4/08
to techal...@googlegroups.com
You interest in this piece of information is highly suspect.
By making these kinds of claims without explaining the risks and benefits of the devices and the unlikely event occurring… I don’t think that this article improves health and in fact may make someone inappropriately elect not to have one of these devices.
http://www.schneier.com/blog/archives/2008/03/hacking_medical_1.html
Thanks for the help!
Tom
GraniteKey
Apr 4, 2008, 3:27:20 PM4/4/08
to Healthcare Technology Alliance
I am not quite sure what is suspect about my interest. My post
clearly mentions that this is meant to be, at least in part, a PLUG
for what I am doing. I do believe most (or all) members of this forum
are here to advance their careers.
Please let me clarify my interest in this. I am interested in
discovering if there is indeed a recent interest in medical device
security commensurate with both the news report and/or the growing
concern with security in general as it deals with all things
technology related. My interest here is part curiosity, and in a MUCH
larger part business. My company implements security in MANY
different devices, and medical is completely new to us, yet
potentially a huge market due to growing security concerns.
As to making claims without explaining risks and benefits is
concerned, I am not sure who you are referring to. The team which ran
the exploit claims, as far as I see, that the device can be hacked.
Any risks and benefits of the device they make should not appear
anywhere out of the domain of security. I think medical device
companies do a fine job of explaining the benefits. That is their
domain. The purpose of online forums (such as this) is to serve as an
environment to attempt to tie this all together. That is why I pose
the question.
It is my hope that the medical device community fosters a dialog to
address this BEFORE someone makes the silly decision to not use a
beneficial device. My company builds threat models, and a threat
model built around the exploits mentioned would clearly show this to
be quite unlikely, and would also show a clear path to a solution.
I hope this makes my interest clear.
Thank You,
Mike Ahmadi
On Apr 4, 9:52 am, "Thomas E. Canter" <tcan...@ojmot.com> wrote:
> You interest in this piece of information is highly suspect.
>
> By making these kinds of claims without explaining the risks and benefits of
> the devices and the unlikely event occurring. I don't think that this
> Solid Foundations | Secure SolutionsTwww.GraniteKey.com<http://www.granitekey.com/>
> P: (925) 413-4365
> E: Mike.Ahm...@GraniteKey.com
>
> <http://www.linkedin.com/in/mikeahmadi>
>
> <http://www.granitekey.com/>
>
> image001.gif
> 1KViewDownload
>
> image002.jpg
> 41KViewDownload
clearly mentions that this is meant to be, at least in part, a PLUG
for what I am doing. I do believe most (or all) members of this forum
are here to advance their careers.
Please let me clarify my interest in this. I am interested in
discovering if there is indeed a recent interest in medical device
security commensurate with both the news report and/or the growing
concern with security in general as it deals with all things
technology related. My interest here is part curiosity, and in a MUCH
larger part business. My company implements security in MANY
different devices, and medical is completely new to us, yet
potentially a huge market due to growing security concerns.
As to making claims without explaining risks and benefits is
concerned, I am not sure who you are referring to. The team which ran
the exploit claims, as far as I see, that the device can be hacked.
Any risks and benefits of the device they make should not appear
anywhere out of the domain of security. I think medical device
companies do a fine job of explaining the benefits. That is their
domain. The purpose of online forums (such as this) is to serve as an
environment to attempt to tie this all together. That is why I pose
the question.
It is my hope that the medical device community fosters a dialog to
address this BEFORE someone makes the silly decision to not use a
beneficial device. My company builds threat models, and a threat
model built around the exploits mentioned would clearly show this to
be quite unlikely, and would also show a clear path to a solution.
I hope this makes my interest clear.
Thank You,
Mike Ahmadi
On Apr 4, 9:52 am, "Thomas E. Canter" <tcan...@ojmot.com> wrote:
> You interest in this piece of information is highly suspect.
>
> By making these kinds of claims without explaining the risks and benefits of
> P: (925) 413-4365
> E: Mike.Ahm...@GraniteKey.com
>
> <http://www.linkedin.com/in/mikeahmadi>
>
> <http://www.granitekey.com/>
>
> image001.gif
> 1KViewDownload
>
> image002.jpg
> 41KViewDownload
Reply all
Reply to author
Forward
0 new messages