January 2017

MaScarPone

MedicAl SCAnneR POwNagE – analysing the IT security of a connected medical device

Context

In hospital context, there is little emphasis put on IT security.

Medical devices are more and more connected and rely on IT. They must therefore be secure enough to assure patients safety also from an IT point of view, which means being resilient to digital threats.

Threats

Most common threats are simple incidents, human mistakes, power surge or outage. However, a more threatening scenario is an attack from hackers.

If a hacker can access the system or network, data may be stolen, vital devices may be blocked, and the hospital and patients lives may be endangered.

Objective

Following the I Am The Cavalry’s “Hippocratic Oath for Connected Medical Devices” [ www.iamthecavalry.org ], the project MaScarPone aims at analysing and enhancing the security of medical devices, and at raising awareness amongst health professionals.

Process

DR (Digital Radiography) systems are becoming very common.

They usually include wireless communication, private data storage and a connected computer, and  are physically accessible with few efforts.

Our project’s aim is to assess and test the security of all these elements.