Back to Basics: Part I
Let's take a moment to get back to the basics of cybersecurity in medical product design. The goal is to prepare a solid list of things to be on the lookout for when doing a cybersecurity risk analysis.
Don't use hard-coded credentials
Hard-coded usernames and passwords are still one of the most pervasive trends in medical device design. It's not hard to see why they are so tempting: they are easy to implement and easy to keep track of. The problem is that they are hard to keep secret. All it takes is one leak and your entire product line is instantly insecure. Passwords need to be device-specific and easily changed in case one is compromised.
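To make the contrast concrete, here is an added example (my own illustration, not code from the original post or from any device vendor) that puts the shared hard-coded check beside a per-device credential store. The store is a dict standing in for the device's non-volatile memory, the device serial numbers and the `service123` value are constructed placeholders, and the provisioning step models a manufacturing-time flow where each unit gets its own random password whose hash alone stays on the device:

```python
import hashlib
import hmac
import secrets

# The "before": every unit in the product line shares one secret baked into the
# firmware image. One leaked image exposes all of them, and nothing can be rotated.
SHARED_SERVICE_PASSWORD = "service123"  # constructed placeholder, not a real credential


def verify_hardcoded(password: str) -> bool:
    """Weak pattern: a single product-wide password compared in the clear."""
    return password == SHARED_SERVICE_PASSWORD


# The "after": one credential per device, stored only as a salted hash, and
# changeable in the field without a firmware update.
PBKDF2_ITERATIONS = 100_000
SALT_BYTES = 16
MIN_PASSWORD_LENGTH = 12


def _hash_password(password: str, salt: bytes) -> bytes:
    """Slow, salted hash so a leaked store does not directly yield passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


class DeviceCredentialStore:
    """Stands in for the device's non-volatile credential storage (assumption: a dict)."""

    def __init__(self) -> None:
        self._records: dict[str, tuple[bytes, bytes]] = {}  # device_id -> (salt, hash)

    def provision(self, device_id: str) -> str:
        """Generate a unique initial password for one unit at manufacturing time.

        The plaintext is returned once so it can be delivered to the customer
        out-of-band; only the salted hash is retained by the device.
        """
        password = secrets.token_urlsafe(18)
        self._set(device_id, password)
        return password

    def _set(self, device_id: str, password: str) -> None:
        salt = secrets.token_bytes(SALT_BYTES)
        self._records[device_id] = (salt, _hash_password(password, salt))

    def verify(self, device_id: str, password: str) -> bool:
        record = self._records.get(device_id)
        if record is None:
            # Hash anyway so an unknown device id costs the same as a wrong password.
            _hash_password(password, b"\x00" * SALT_BYTES)
            return False
        salt, expected = record
        # Constant-time comparison of the two digests.
        return hmac.compare_digest(_hash_password(password, salt), expected)

    def change_password(self, device_id: str, current_password: str, new_password: str) -> bool:
        """Rotate a single device's credential; requires proof of the current one."""
        if not self.verify(device_id, current_password):
            return False
        if len(new_password) < MIN_PASSWORD_LENGTH:
            raise ValueError(f"new password must be at least {MIN_PASSWORD_LENGTH} characters")
        self._set(device_id, new_password)
        return True


if __name__ == "__main__":
    store = DeviceCredentialStore()
    initial = store.provision("SN-0001")  # constructed serial number
    print("initial password accepted:", store.verify("SN-0001", initial))
    print("rotated:", store.change_password("SN-0001", initial, "a-new-long-password"))
    print("old password still works:", store.verify("SN-0001", initial))
```

The point of the design is that compromise of one unit's password (or of its stored hash) says nothing about any other unit, and that a hospital can rotate a credential on the spot rather than waiting for a firmware release.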
Sanitize your inputs
There was a time when it could be assumed that all input came from a trusted, knowledgeable and non-malicious source (e.g. a doctor or nurse). With the rise of connected medical devices, this is no longer the case. Any input from the network could be malicious and must be sanitized. Even rarely-looked-at standards need to be carefully examined. For example, does your medical device accept HL7 v3 XML as part of LIMS communication? There are numerous XML vulnerabilities related to arbitrary XML document parsing that can cause your device to crash, potentially leak PHI, or be used to attack a hospital network. All of these attacks leverage standards-compliant XML and can be used to abuse systems that don't authenticate before parsing. Many can be prevented by just disabling unneeded XML parser features. All external input, no matter how trivial, even if it's "just XML", should be sanitized and evaluated for potential risk.
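As an added example of "disabling unneeded parser features" (my own illustration, not code from the original post), the parser below accepts only the subset of XML a LIMS message actually needs: it caps the message size and nesting depth, refuses any DOCTYPE (and with it every entity declaration, internal or external) before a single entity can be expanded, and never resolves external references. The HL7-style element names and the sample messages are constructed for the demonstration, and the tree type is a minimal stand-in for whatever the device's message model really is:

```python
from dataclasses import dataclass, field
from xml.parsers import expat

MAX_MESSAGE_BYTES = 1_000_000  # assumption: no legitimate LIMS message is larger
MAX_DEPTH = 64                 # assumption: deeper nesting is never needed


class UnsafeXML(ValueError):
    """Raised when the input uses a feature the device does not need."""


@dataclass
class Node:
    """Minimal element tree: tag, attributes, text, children."""
    tag: str
    attrs: dict
    text: str = ""
    children: list = field(default_factory=list)


def parse_untrusted_xml(data: bytes) -> Node:
    """Parse network XML with DTDs, entities and external references disabled."""
    if len(data) > MAX_MESSAGE_BYTES:
        raise UnsafeXML(f"message exceeds {MAX_MESSAGE_BYTES} bytes")

    parser = expat.ParserCreate()
    # Never read parameter entities (which is how external DTDs are pulled in).
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)

    root: list[Node] = []   # holds the single root element once seen
    stack: list[Node] = []  # open elements

    def start_doctype(name, sysid, pubid, has_internal_subset):
        # Rejecting the DOCTYPE up front means no entity can ever be declared,
        # so neither entity-expansion blowups nor external entity fetches apply.
        raise UnsafeXML("DOCTYPE declarations are not accepted")

    def external_entity(context, base, sysid, pubid):
        raise UnsafeXML("external entity references are not accepted")

    def start_element(name, attrs):
        if len(stack) >= MAX_DEPTH:
            raise UnsafeXML(f"nesting deeper than {MAX_DEPTH}")
        node = Node(name, dict(attrs))
        if stack:
            stack[-1].children.append(node)
        else:
            root.append(node)
        stack.append(node)

    def end_element(name):
        stack.pop()

    def character_data(text):
        # expat may deliver one text run in several pieces; concatenate them.
        stack[-1].text += text

    parser.StartDoctypeDeclHandler = start_doctype
    parser.ExternalEntityRefHandler = external_entity
    parser.StartElementHandler = start_element
    parser.EndElementHandler = end_element
    parser.CharacterDataHandler = character_data

    try:
        parser.Parse(data, True)
    except expat.ExpatError as err:
        # Malformed input is rejected outright rather than partially processed.
        raise UnsafeXML(f"malformed XML: {err}") from None
    return root[0]


# Constructed sample messages (not real HL7 v3 payloads).
BENIGN_MESSAGE = (
    b'<?xml version="1.0"?>'
    b'<labResult id="R-1"><patientRef value="P-42"/>'
    b'<observation code="GLU"><value>5.4</value></observation></labResult>'
)
DTD_MESSAGE = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE labResult [<!ENTITY note "x">]>'
    b'<labResult><value>&note;</value></labResult>'
)


def describe(data: bytes) -> str:
    """Return the root tag on success or the rejection reason; handy for logging."""
    try:
        return "accepted: " + parse_untrusted_xml(data).tag
    except UnsafeXML as err:
        return "rejected: " + str(err)


if __name__ == "__main__":
    print(describe(BENIGN_MESSAGE))
    print(describe(DTD_MESSAGE))
```

A real device would additionally validate the accepted tree against the message schema it expects, but the parser-level controls above are the part that "just XML" tends to skip, and they apply before any authentication or schema logic runs.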
Update: See Part 2 of this series...