SIS’ industrial cyber security specialists applied the latest exploit tools and techniques to perform stress and penetration testing of network-connected medical device technologies, to assess risks to the reliability of devices, and ultimately the safety of patients.
Network connectivity of medical devices has broadened functionality, yet there is now increased cyber vulnerabilities that may potentially lead to unacceptable risk of harm to patients. For cyber adversaries, it has never been easier to compromise everyday medical devices that the health sector relies so heavily upon every day to stay in operation. Healthcare providers ultimately have a duty of care to protect patients from device malfunction or shutdown, and therefore must ensure connected medical devices are resilient to the threat of cyber attack.
A metropolitan hospital management firm required specialised security services to conduct an assessment to review the robustness of medical devices, in order to protect medical equipment in hospitals from being compromised by an adversary.
The requirement was to conduct the assessment by reviewing (any) known weaknesses and vulnerabilities in the devices, before performing stress and penetration testing, in an attempt to exploit discovered vulnerabilities in a controlled test environment.
SIS endeavoured to achieve the objectives of the assessment by researching known vulnerabilities in the devices, along with consideration of vulnerabilities with other similar appliances. With intricate knowledge of the construct of industrial devices, SIS testers were capable of conducting stress and black-box penetration testing to assess the robustness of the devices, and also demonstrate any attack scenarios to test and verify that vulnerabilities identified could be exploited.
Black-box penetration testing simulates a hostile element attempting to cause damage/harm to the device. This methodology is carried out without prior knowledge of the development, application architecture, defense mechanisms, administrative user accounts or any other relevant information.
SIS’ team is staffed with highly technical security specialists, constantly involved with industrial cyber security testing. The team has an extensive background in various platforms and expertise that allows them the ability to tackle configurations from the perspective of a real-world adversary attack.
If you’d like to know more about our many years of experience in providing industrial cyber security solutions: