
Surgical robots -- smart but insecure

Taylor Armerding | June 3, 2015
Remote surgical robotics offers the promise of bringing the best medical expertise anywhere in the world. But, so far, it can also be risky business, as a team of researchers demonstrated in a series of hacks.

As is the case with every digital device, there is no way to make it 100% secure, but experts say there are a number of ways to improve it significantly.

The UW research team recommended encrypting data to and from the Raven II, along with better authentication, to prevent packet spoofing attacks, which they said would provide "low-cost and high benefits to telerobotic surgery, mitigating many analyzed attacks."

But encryption does not prevent man-in-the-middle attacks.

Cowperthwaite believes, "better authentication is the key. Require digital certificates on both sides be exchanged to authenticate that each side is real," he said.

"Second, require TLS encryption of control sessions, etc. Third, healthcare simply has to get better at security generally," he said. "The Premera, CareFirst, Anthem and CHS attacks are not inspiring confidence right now."
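The packet authentication recommended above can be sketched as follows. This is an added example, not code from the UW team or the Raven II: the packet layout, the command strings and the demo key are constructed for illustration, and it shows only the authentication half (a keyed tag plus a sequence number), not encryption or key exchange.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32                    # HMAC-SHA256 tag size in bytes
HEADER = struct.Struct("!Q")    # 64-bit big-endian sequence number


def seal(key: bytes, seq: int, command: bytes) -> bytes:
    """Operator side: prefix a sequence number, append an HMAC tag."""
    body = HEADER.pack(seq) + command
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    """Robot side: accept only authentic packets with a fresh sequence number."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1

    def accept(self, packet: bytes):
        """Return the command bytes, or None if the packet must be dropped."""
        if len(packet) < HEADER.size + TAG_LEN:
            return None                      # too short to carry header and tag
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None                      # spoofed or modified in transit
        (seq,) = HEADER.unpack_from(body)
        if seq <= self.last_seq:
            return None                      # replayed or stale packet
        self.last_seq = seq                  # only authentic packets advance state
        return body[HEADER.size:]


def demo():
    key = bytes(range(32))                   # constructed demo key, not a real secret
    rx = Receiver(key)
    first = seal(key, 1, b"MOVE dx=0.5 dy=0.0")          # constructed command
    tampered = bytearray(seal(key, 2, b"MOVE dx=0.1 dy=0.0"))
    tampered[10] ^= 0x01                     # one bit flipped inside the command
    forged = seal(b"\x00" * 32, 3, b"MOVE dx=9.9 dy=9.9")  # sender lacks the key
    return [rx.accept(first), rx.accept(first), rx.accept(bytes(tampered)),
            rx.accept(forged), rx.accept(seal(key, 2, b"STOP"))]


if __name__ == "__main__":
    print(demo())
```

The receiver checks the tag before it reads the sequence number, so a forged packet cannot advance the counter and lock out the legitimate operator.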

Ostashen recommended that devices designed for remote, online surgery should "have their own networks segregated from the corporate network to ensure the proper entities are the ones only accessing them.

"An example would be having technology in place to detect anomalies like malware or unauthenticated access to the network," he said. "If a surgeon is remote accessing these devices, implement VPN with two-factor authentication as well as IP whitelisting so that the surgeon has to access it from a secure dedicated location every time."

And there is unanimous agreement that even current security risks are far outweighed by the benefits of remote surgery.

"Regardless of the security risk, tele-medicine, including remote, robotic surgery, is going to bring about a massive improvement in the healthcare delivered in remote and undeveloped locations," Cowperthwaite said.

"It would be very short-sighted to deny dramatic improvements in healthcare because we cannot provide 100% security."

