Michael Nowatkowski, PhD, associate professor at University of Augusta's computer and cyber sciences school in Georgia, specializes in reverse engineering medical devices to check their cybersecurity strength, according to a Sept. 18 Athens Banner-Herald report.
Reverse engineering involved deconstructing the medical device to locate potential weak areas, such as inadequate radio-frequency transmitters or exposed USB ports. "You've just got to sit and think like a bad guy for a little while to think of all the ways to attack that system," Dr. Nowatkowski told the publication.
Many cybercriminals are finding ways to capitalize on poor medical device cybersecurity by purchasing medical equipment from sites like eBay to look for weaknesses and sometimes access patient data that wasn't properly removed from the device, he said.
Hospitals now can have up to a dozen internet-connected devices per patient bed, which help collect and stream patient data to caregivers. However, these devices also double as possible entry points for hackers to get into the hospital's larger network and steal information including patient medical records or inflict a ransomware attack.
By reverse engineering medical devices, Dr. Nowatkowski said he hopes "whatever we can improve also can be used in any other embedded system or any other internet-of-things device," and added that he thinks researchers in the future will create field-testing improvements in healthcare devices at virtual facilities.