Wireless adoption is quickly emerging in every industry vertical that is using digitalization to simplify operations. The issue is that from a security perspective, the move to wireless creates situations where a “trusted” internal network suddenly bridge to an external network and can accessed wirelessly. What might have been an acceptable risk, where only a few proprietary devices with physical access could perform privileged operations, became much more questionable when a WIFI-connected Linux device starts to offer the same capabilities. Smart connected devices are a double-edged sword: in the same way they offer greater flexibility and synergy between systems, they can also lead to emergent security issues that need to be considered holistically. A case in point is the paper on the vulnerabilities in globally used B. Braun infusion pump. The B. Braun Infusomat is an infusion pump designed for use in both adult and pediatric medical facilities. According to FDA an infusion pump is a medical device that delivers fluids, such as nutrients and medications, into a patient’s body in controlled amounts and typically used by a “trained user who programs the rate and duration”.
Originally, the Braun CAN bus was reserved for communication between trusted components such as a Servicing PC used for maintenance or for connecting multiples devices within an older model. As a result, the CAN bus was used for “internal” communication between trusted components and an external module. Over time, in order to increase flexibility and usability they moved to WiFi connectivity. This simplifies operations, but from a security perspective it created a situation where a “trusted” internal network suddenly became bridged to an external network that could be accessed wirelessly. What might have been an acceptable risk, with only a few proprietary devices with physical access could perform privileged operations, became much more questionable when a WiFi-connected Linux device started to offer the same capabilities.
The goal of a cyber-attack is usually financial. An infusion pump attack could be leverage potential patient harm to extract ransom. A similar event from 2020 was a large coordinated attack on multiple US healthcare facilities which resulted in a complete loss of their electronic medical record system for weeks. The results of the ransomware-based attack led to 75% of active chemotherapy patients being turned away, rerouting of ambulances, and delays in testing and treatment. This was only for disrupting management systems and records. An attack controlling IV pumps that directly support human life, makes it easy to imagine an attacker demanding “ransom” to prevent patient harm.
Organizations need to protect themselves from these Airspace vulnerabilities before they become a victim. Harmony IoT provides a simple to deploy, out-of-band solution to Airspace security for Industrial and Healthcare.
Source : https://orchestragroup.com/uncategorized/airspace-vulnerabilities-in-healthcare/