A major health system commissioned the study, which finds that an attacker located near equipment like freezers and coolers could use electromagnetic interference generated by simple devices like walkie-talkies to fool temperature sensors into giving false readings.
The interference could cause a cooler’s temperature monitor to falsely indicate that the vaccine inside has become too warm to use, or it could cause a freezer to malfunction and spoil its contents.
The good news is there are simple steps that hospitals and health systems can take to protect themselves. Kevin Fu, then associate professor of electrical engineering and computer science at the University of Michigan, led the study. Fu later joined the FDA as acting director of medical device cybersecurity. He recommends the following five steps:
1. Restrict access to data like temperature displays
A potential attacker might try to devise a hack using trial and error—trying several different types of electromagnetic interference (EMI), such as radio waves from walkie-talkies, while watching temperature displays or other data to see which type of interference is effective.
- Health systems can protect against this kind of attacker by making data points like temperature readouts less visible. This could be done by:
- Installing blinders on temperature displays, similar to those on ATMs and voting machines.
- Eliminating real-time temperature displays when possible.
- Moving displays to make them less visible—for example, turning a display so it can’t be seen through a room’s doorway.
- Restricting access to areas where temperature displays are located.
2. Keep the details about your sensors confidential
If a prospective attacker knows which sensors you use, they could buy an identical model, then work out the details of an attack off-site. Health systems can reduce the likelihood of this by keeping model numbers and other details about the temperature sensors in equipment like coolers and freezers confidential.
3. Keep the locations of your sensors confidential, and move them frequently
To successfully carry out an attack, a hacker must put an EMI device within a certain distance of the targeted equipment. There are a number of ways that health systems can make that more difficult. They include:
- Keep the locations of cold chain equipment confidential.
- Frequently moving equipment to different locations.
- Moving equipment toward the center of the rooms where they’re stored. This makes it more difficult to carry out an attack from an adjoining room.
4. Select the lowest possible sensor sampling rate
Temperature sensors take measurements at pre-set sampling rates—for example, once every five minutes. And a sensor with a lower sampling rate provides less data that a hacker could use to carry out an attack.
5. Use a sensor that’s less susceptible to electromagnetic energy
Depending on specific application, it may be possible to use a sensor that’s less susceptible to interference than a traditional thermocouple, like an on-chip integrated temperature sensor or a chemical-based temperature indicator.
Read more at 5 WAYS TO KEEP VACCINE ‘COLD CHAIN’ SAFE FROM HACKERS
Leave your comments below and subscribe to us for more updates.