Hospitals and health systems can prevent hackers from attacking their equipment that keeps COVID-19 vaccines ultracold by implementing protective measures like limiting access to sensor displays, according to Kevin Fu, PhD, the FDA's medical device cybersecurity director.
Dr. Fu, who became the FDA's first acting director of medical device cybersecurity in February, led a recent study published in Biomedical Instrumentation and Technology that found that an attacker located near vaccine cold chain equipment, such as freezers or coolers, could use electromagnetic interference to compromise temperature sensors into showing false readings, Nextgov reported Oct. 21.
The electromagnetic interference, which could be generated by devices like walkie-talkies, could then cause a cooler's temperature to falsely show that vaccines have become too warm to use or cause a freezer malfunction that would spoil the contents.
Here are five steps health systems can take to prevent cyberattacks on the vaccine cold chain, according to Dr. Fu.
1. Make data points such as temperature displays less visible so that potential attackers can't use the details to plan out an attack. Dr. Fu recommended installing blinders on temperature displays, getting rid of real-time temperature displays and restricting access to areas where the hacker could see temperature details.
2. Keep confidential the model numbers and other details about the temperature sensors in coolers and freezers. If a prospective hacker knows which sensors the health system uses, they could buy an identical model and plan the attack off-site.
3. Don't disclose locations of sensors and move them frequently. To carry out an attack, a hacker must place an electromagnetic interference device — such as a walkie-talkie that emits radio waves — within a certain distance of the targeted equipment. Frequently moving equipment to different locations can throw off plans for attacks.
4. Choose the lowest sensor sampling rate — for example, once every five minutes. The lower the sensor rate, the less data provided that a hacker could then use to carry out an attack.
5. Deploy a sensor that is less susceptible to electromagnetic energy, such as an on-chip integrated temperature sensor or a chemical-based temperature indicator.