| Name: | Description: | Size: | Format: | |
|---|---|---|---|---|
| 863.84 KB | Adobe PDF |
Authors
Advisor(s)
Abstract(s)
Os dispositivos médicos são, atualmente, indispensáveis no diagnóstico e terapêutica de diversas patologias e são utilizados em contextos clínicos variados. Sejam implantados dentro do corpo de alguém ou utilizados em conjunto num hospital, características como a sua interoperabilidade e comunicação sem fios foram sendo desenvolvidas com os avanços da tecnologia, sendo até possível a sua ligação com dispositivos exteriores como smartphones. No entanto, apesar de benéficos, estes avanços também trouxeram riscos acrescidos à segurança dos dispositivos sob a forma de vulnerabilidades de cibersegurança.
Nesta monografia, é abordada uma grande diversidade de possíveis ataques conhecidos, como os do tipo phishing ou instalação de malware, cada um deles com vários objetivos. Os mais comuns são os motivos financeiros, geralmente orquestrados a partir da exigência de resgates em troca de informação confidencial (ransomware), a qual se tem tornado cada vez mais valiosa em mercados clandestinos. Outras intenções são, por exemplo, a espionagem e o ciberterrorismo.
Estas ameaças têm-se vindo a agravar desde a pandemia, especialmente com a implementação das teleconsultas, e podem chegar a afetar uma rede inteira de comunicações hospitalares. Esta situação resultará, possivelmente, na perda ou na violação de registos clínicos e sigilo médico e dados pessoais importantes, em falsos diagnósticos médicos ou mesmo num atraso generalizado de atendimento de pacientes o que já teve como consequência, em alguns casos, a morte dos mesmos.
Os hackers aproveitam-se de vulnerabilidades em comunicações wireless e entre dispositivos para aceder a dispositivos médicos implantáveis, o que constitui a maior ameaça porque, desta forma, podem remotamente colocar a saúde de um paciente em perigo, seja administrando doses erradas numa bomba de insulina ou desligando um pacemaker, por exemplo.
Além das medidas gerais como instalação de antivírus e encriptação de dados, os fabricantes deverão desenvolver um plano de gestão de risco de acordo com as legislações em vigor, de modo a proteger o produto antes e após a sua comercialização.
Nowadays, medical devices have become an indispensable tool for healthcare and can be used in a variety of contexts. Whether they are implanted inside someone's body or used together in a hospital, features such as interoperability and wireless communication have been implemented with the advances in technology, making it even possible to connect them with external devices such as smartphones. However, although beneficial at first, these advances also brought increased risks to the device security in the form of cybersecurity vulnerabilities. This monography addresses a wide range of possible attacks such as phishing or malware installation, each with their goals. The most common reason is financial, generally orchestrated by demanding ransoms in exchange for stolen confidential information (ransomware), which is becoming increasingly valuable in clandestine markets. There are other intentions such as espionage and cyberterrorism. These threats have been getting worse since the pandemic, especially with the implementation of telemedicine, and can disrupt an entire hospital communications network. This can result in the loss or corruption of medical records and important personal data, false medical diagnoses or even a general delay in patient care, which has resulted, in some cases, in the patient's death. Hackers take advantage of vulnerabilities in both wireless communications and between devices to access even implantable medical devices. This is a huge threat because, by doing this, they can remotely put a patient's health in danger by administrating wrong doses in an insulin pump or turning off a pacemaker, for example. In addition to some common measures, such as installing antivirus and data encryption, manufacturers must develop a risk management plan in accordance with the current legislation in order to protect the product in the pre- and post-market stages.
Nowadays, medical devices have become an indispensable tool for healthcare and can be used in a variety of contexts. Whether they are implanted inside someone's body or used together in a hospital, features such as interoperability and wireless communication have been implemented with the advances in technology, making it even possible to connect them with external devices such as smartphones. However, although beneficial at first, these advances also brought increased risks to the device security in the form of cybersecurity vulnerabilities. This monography addresses a wide range of possible attacks such as phishing or malware installation, each with their goals. The most common reason is financial, generally orchestrated by demanding ransoms in exchange for stolen confidential information (ransomware), which is becoming increasingly valuable in clandestine markets. There are other intentions such as espionage and cyberterrorism. These threats have been getting worse since the pandemic, especially with the implementation of telemedicine, and can disrupt an entire hospital communications network. This can result in the loss or corruption of medical records and important personal data, false medical diagnoses or even a general delay in patient care, which has resulted, in some cases, in the patient's death. Hackers take advantage of vulnerabilities in both wireless communications and between devices to access even implantable medical devices. This is a huge threat because, by doing this, they can remotely put a patient's health in danger by administrating wrong doses in an insulin pump or turning off a pacemaker, for example. In addition to some common measures, such as installing antivirus and data encryption, manufacturers must develop a risk management plan in accordance with the current legislation in order to protect the product in the pre- and post-market stages.
Description
Trabalho Final de Mestrado Integrado, Ciências Farmacêuticas, 2023, Universidade de Lisboa, Faculdade de Farmácia.
Keywords
Cibersegurança Dispositivo médico Protected health information Malware Implantable medical devices Internet of things Mestrado Integrado - 2023