    Episode 31 · March 25, 2025 · 36m listen · 6,447 words · ~32 min read

    The Growing Importance of Interoperability and Third-Party Component Security | Ep. 14 - Full Transcript | The Med Device Cyber Podcast


    Episode summary

    In this episode of The Med Device Cyber Podcast, hosts Christian Espinosa and Trevor Slattery delve into the critical topic of interoperability in medical devices and the significant cybersecurity risks it introduces. They begin by defining interoperability as the ability of a medical device to connect and exchange data with other systems within a healthcare delivery organization's (HDO) environment, such as networks, wireless connections, and other devices. The central argument is that every point of connection creates a new potential vulnerability, expanding the device's attack surface and increasing overall cybersecurity risk for both the device and the hospital network.

    A key concept explored is the 'second-order attack,' which Trevor Slattery explains in detail. Unlike a direct attack on a target, a second-order attack involves compromising one system to indirectly gain access to another. He provides concrete examples relevant to healthcare, such as an attacker modifying DICOM image files on a PACS server. When an interconnected medical device ingests these malicious files, it becomes compromised. This principle works in reverse as well; an insecure medical device could be used as a pivot point to attack other critical systems on the hospital network, like the Electronic Medical Records (EMR) system or even seemingly benign devices like printers, which Trevor notes are notoriously easy to hack. The conversation emphasizes that this risk is a two-way street, where the hostile nature of many hospital networks can endanger a secure device, and a vulnerable device can poison an otherwise secure network.

    The hosts also discuss practical considerations and solutions for both device manufacturers and HDOs to mitigate these interoperability risks. A fundamental recommendation is to implement robust data integrity and authentication checks. Every piece of data entering or leaving a medical device should be validated to ensure it is from a legitimate source and has not been tampered with, for instance, through the use of digital signatures. They also advise against reinventing the wheel by creating proprietary communication protocols. Instead, leveraging well-established, open-source, and heavily scrutinized standards like DICOM is a more secure approach, as these have been battle-tested over many years. Furthermore, the discussion touches on securing physical and logical ports, such as using whitelisting to allow only specific, authorized USB devices to connect. As healthcare moves towards greater digital transformation and data consolidation, the hosts conclude that addressing the security challenges of interoperability is not just a technical requirement but a fundamental aspect of patient safety.

    Key takeaways from this episode

    • Interoperability in medical devices, while increasing functionality and efficiency, significantly expands the cybersecurity attack surface by creating new connection points.
    • A major threat associated with interconnected devices is the 'second-order attack,' where compromising one system (like a PACS server) can be used to indirectly attack and compromise another connected device.
    • The security risk is bidirectional: a medical device can be compromised by an insecure hospital network, and a compromised device can be used to attack other critical network systems like EMRs.
    • Data integrity and authentication are crucial. Manufacturers must ensure all data entering or leaving a device is validated to confirm its source and that it hasn't been altered.
    • Using established, open-source, and battle-tested communication protocols (like DICOM) is generally safer than developing proprietary protocols that lack widespread security vetting.
    • Physical and logical access controls for ports (e.g., USB) are essential. This includes whitelisting specific, trusted peripherals to prevent attacks from unknown devices.
    • As the healthcare industry pushes for greater digital transformation, the need for robust security in interoperable systems becomes paramount to ensure patient safety and data protection.
    • Healthcare networks should often be considered 'hostile environments,' meaning medical devices must be designed with strong security controls and not assume the network they connect to is safe.
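
The data integrity and authentication check described in the summary and takeaways, as an added Go example (not code from the podcast or its hosts): a device-side gate that releases a file to the parser only after an Ed25519 signature from a key in the device's trust store verifies. The `Envelope` format, the key IDs and the sample bytes are assumptions constructed for this illustration.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Envelope (hypothetical format): file bytes, detached Ed25519 signature, signer key ID.
type Envelope struct{ KeyID string; Payload, Signature []byte }

var (
	ErrUnknownSigner = errors.New("signer not in device trust store")
	ErrBadSignature  = errors.New("signature does not match payload")
	ErrNotDICOM      = errors.New("payload lacks DICOM Part 10 header")
)

// Ingest releases the payload only if a trusted key signed exactly these bytes.
func Ingest(trust map[string]ed25519.PublicKey, e Envelope) ([]byte, error) {
	pub, ok := trust[e.KeyID]
	switch { // cases run in order, so Verify is never called with a missing key
	case !ok:
		return nil, ErrUnknownSigner
	case !ed25519.Verify(pub, e.Payload, e.Signature):
		return nil, ErrBadSignature
	// DICOM Part 10 files carry a 128-byte preamble followed by "DICM".
	case len(e.Payload) < 132 || string(e.Payload[128:132]) != "DICM":
		return nil, ErrNotDICOM
	}
	return e.Payload, nil
}

// Demo runs three constructed cases: authentic, modified in transit, unknown sender.
func Demo() (authentic, tampered, unknown error) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	trust := map[string]ed25519.PublicKey{"pacs-01": pub} // constructed key ID
	file := append(make([]byte, 128), "DICM constructed sample"...)
	sig := ed25519.Sign(priv, file)
	_, authentic = Ingest(trust, Envelope{"pacs-01", file, sig})
	_, unknown = Ingest(trust, Envelope{"printer-07", file, sig})
	file[140] ^= 0xFF // simulate modification on the intermediate system
	_, tampered = Ingest(trust, Envelope{"pacs-01", file, sig})
	return
}

func main() { fmt.Println(Demo()) }
```

Because verification runs before any parsing, a file altered on an intermediate system is rejected without the device's decoder ever touching it.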

    Full episode transcript

    Christian: Hi, welcome back to the Med Device Cyber podcast. I'm your host, Christian Espinosa. I'm here with our co-host, Trevor Slattery.

    Christian: And today, we're talking about an important topic, interoperability and some of these cybersecurity risk associated with interoperability. Any medical device is going to be deployed on a healthcare delivery organization environment, and it often has to interoperate... Uh, it's a it's a challenging word. Um, be interoperable with other systems on that environment. And any time you connect one device to another one, uh, you've across a network or wirelessly or Bluetooth, that that introduces more cybersecurity risk.

    Christian: So we're going to go over that today and some of the considerations a manufacturer should consider as well as a healthcare delivery organization, an HDO, should consider.

    Christian: So how, how you doing today, Trevor?

    Trevor: Not too bad. It's uh, turning into a full-on blizzard outside. I can't see the house in front of me anymore, but uh...

    Christian: I don't think it's really a blizzard in Flagstaff.

    Trevor: No, it's supposed to get a foot and a half of snow this morning.

    Christian: Well, I think the last podcast you were complaining about not enough snow because you couldn't go to, you bought that annual ski pass or something.

    Trevor: I know, and as soon as it starts snowing, I'm leaving tonight for, like, a week and a half, so now I don't get to enjoy the snow.

    Christian: Oh, no. Sounds like a first, first world problem to me.

    Trevor: Yep.

    Christian: Awesome.

    Christian: Well, uh, let's uh, dive right into it. So, what do you think are the main risks associated with interoperable medical devices?

    Trevor: I think there, it can depend on the device. I would say a blanket problem that can be present in a lot of devices. So, a lot of like newer penetration testers won't be as experienced with this concept, and a lot of cybersecurity professionals may not even be very familiar with it. And that's the concept of a second-order attack.

    Trevor: And what we're really saying when we say a second-order attack is you exploit a vulnerability in one system that compromises another system. So, you don't directly see the impact, but you're feeding in bad input or bad data into somewhere else, and then that triggers a problem.

    Christian: So let me back up a second to make sure our audience understands what you're saying with a concrete example. So I, I think you're saying if I can exploit a, a PACS system, for instance, that has DICOM files on there and modify the DICOM files so those are ingested by a medical device, then we could infect that device with these infected DICOM files. Is that right?

    Trevor: Exactly. Or like if I was able to somehow compromise this mouse and I made it send different Bluetooth signals instead of just operating the mouse like normal, it controlled input to do certain bad things on my computer. While I technically hacked into the mouse, I compromised my computer. So that would be another example of a second-order attack.

    Trevor: And I think that can be a pretty big and prolific problem with medical devices. And the main reason being that even if the device itself is secure, so there isn't a problem that you can necessarily exploit in the device itself, a lot of components in a hospital might not be secure. And a lot of components, you know, it may not even be at the front of someone's mind for security.

    Trevor: Like a printer, for example. I know every, every penetration tester has their war stories about hacking into printers in hospital networks.

    Christian: We love talking about these printers.

    Trevor: It's, I'm serious. Every time I've been on a hospital penetration test, it's been my first way in is through a printer. And so if you have a medical device with a problem, you can potentially exploit that problem in a second component, like a printer, like an EMR system, like a workstation. And so I think that's a big concern with interoperability. But I know that there can be a couple of other areas that that covers as well. It's a little bit of a broad topic. So, I'd be interested to hear what some of the, what some of your thoughts would be on the topic.

    Christian: Well, I think it's a two-way street what you're describing, right? Uh, you said a second-order attack... from the perspective somebody attacks a printer, and then they leverage that to attack the medical device, or somebody attacks the EMR and that attacks the medical device. But it's also the other way around, right? Somebody can attack the medical device and then that could attack the EMR or the PACS system or any other system on the hospital environment. So it goes both directions, right?