Increased Security for Connected Medical Devices to Drive Cybersecurity Market to $143 Billion

The Food and Drug Administration (FDA) recently released a safety communication regarding a set of 11 cybersecurity vulnerabilities, referred to as the URGENT/11, which could potentially leave large numbers of connected medical devices open to exploitation by remote attackers. The global cybersecurity market is set to be worth $143 billion in 2021, up from $114 billion in 2017, and events such as the discovery of the URGENT/11 vulnerabilities highlight why such strong growth is expected, particularly in the healthcare sector, says GlobalData, a leading data and analytics company.

Rose Joachim, Senior Immunology Analyst at GlobalData, said “Although the FDA assured the public that there have not yet been any reported attacks, the breadth of devices put at risk by these vulnerabilities and the extreme level to which the vulnerable systems could be manipulated is staggering. Although this new level of connectivity is transforming patient care, close attention must be given to the design of these devices and the software on which they run. With the increasing usage of big data in monitoring patient health, medical devices are steadily becoming more connected to the internet, demonstrating the growing importance of cybersecurity solutions in the healthcare industry.”

The URGENT/11 vulnerabilities were discovered by researchers from Armis, a small cybersecurity firm specializing in security for connected devices, also known as the Internet of Things (IoT). The weak code was identified in a third-party software component called IPnet, which helps support network communications between computers. The IPnet software is currently owned by Wind River and used in the company’s real time operating system (RTOS), VxWorks.

Joachim adds “RTOSs are built to process data in real time with high reliability and accuracy—a function crucial to many devices used in the healthcare sector, such as patient monitors and infusion pumps.”

The URGENT/11 vulnerabilities allow attackers to remotely take over internet-connected devices, bypassing perimeter security measures such as firewalls. As such, the vulnerabilities can be used to propagate malware within networks and between different connected devices.

Using these weaknesses, a remote user could take control of a medical device and change its function, cause information leaks, or shut down the machine entirely. An attacker could hijack a patient monitor in a hospital and record patient data or even fake an emergency such as cardiac flat-line.

Joachim concludes “Luckily, it appears the URGENT/11 vulnerabilities were identified before any great harm could be done. Many parties have already begun to identify risks and implement remedial solutions such as software patches. However, it cannot be ignored that these large-scale software issues are occurring more and more frequently, highlighting the vital importance of cybersecurity products and services in protecting the more connected healthcare systems of the future.”

Analysts available for comment. Please contact the GlobalData Press Office:
EMEA & Americas: +44 (0)207 832 4399
Asia-Pacific: +91 40 6616 6809
Email: pr@globaldata.com

For expert analysis on developments in your industry, please connect with us on: GlobalData | LinkedIn | Twitter

4,000 of the world’s largest companies, including over 70% of FTSE 100 and 60% of Fortune 100 companies, make more timely and better business decisions thanks to GlobalData’s unique data, expert analysis and innovative solutions, all in one platform. GlobalData’s mission is to help our clients decode the future to be more successful and innovative across a range of industries, including the healthcare, consumer, retail, financial, technology and professional services sectors. PR6894