Surgical robot is “hacked” crisis: When the robot arm appears at the surgery site, how to strengthen the information security behind it?

Sharing is Caring

 

Surgical robot is “hacked” crisis, The race to develop robots to assist surgeons in operations is accelerating. In recent years, surgical-assist robots have been introduced into more difficult brain surgeries because they can perform more precisely than human hands and reduce the physical burden on the patient. It is estimated that by 2030, the market for surgical assisting robots will reach 22.7 billion US dollars. Asian countries such as China, Japan, South Korea and Taiwan are also rushing to develop and catch up with the United States, which is the leader in surgical assisting robot technology.

On August 12, 2022, a live broadcast of brain surgery at Hualien Tzu Chi Hospital attracted medical professionals from all over the world. During the operation, the participants focused on “NaoTrac”. “NaoTrac” is a surgical assistance robot developed by Taiwan’s biotech start-up company Brain Navi Biotechnology.

NaoTrac is equipped with a 3D navigation system that enables it to target specific lesions in the patient’s brain and insert surgical instruments such as tubes accurately and quickly. The brain is a complex and fragile structure, but the instrument can be inserted at a very slow speed of 0.5 millimeters per second, reducing the risk of damaging blood vessels or causing unnecessary bleeding during insertion.

Generally, without the use of surgical assistance robots, it is necessary to drill a hole about the size of a dollar in a fairly hard skull, but if Naotrac is used, it can reduce the burden of wounds on the patient’s body.

With the attention of professionals around the world, the operation was quite successful. Lin Xinrong, director of Tzu Chi Hospital, said: “Because of the surgical assisting robot, doctors can be more accurate and confident in performing surgery.”

“What is the difference in operation between our robot and the Da Vinci robot? Basically, you can think of the Da Vinci robot as a remote control, which “repeats” your actions to operate, so the emphasis is on the proficiency of the doctor’s surgery ” explained Dr. Jiexiao Chen, CEO of Ti Falcon Biotechnology.

“However, our special-purpose robot, because the movements are very small and precise, so what it requires is not the doctor’s own operation, but how the doctor “plans”, and after planning, let it assist you in performing these movements. It’s a bit Something like a self-guided driving concept.”

The introduction of surgical robots to the surgical scene dates back about 10 years. Until recently, laparoscopic surgery using “master-slave” surgical robots that mimic human movements through teleoperation was the mainstream in the surgical market. But in recent years the trend has shifted toward the use of surgical robots in more delicate surgeries like those on the spinal cord, knee joints and cranial nerves.

The basic patent of the surgical assistant robot “da Vinci” (da Vinci Surgical System) developed by Intuitive Surgical of the United States, which almost monopolizes the market, has expired in 2019. This is why many companies in the United States and other countries are currently actively developing and commercializing surgical assistance robots.

According to the data of the Japan Patent Office, among all the patent applications related to surgical robots, the American nationality still accounts for a high proportion of 52.5%, followed by the Chinese nationality accounting for 15%, the European nationality accounting for 11.7%, and the Japanese nationality accounting for 8.9%. , Korean nationality accounted for 6.2%, and applications from Taiwanese nationals accounted for 0.6%. It can be seen that the proportion of applications from Asian countries has also become a growing force.

 

 

How to strengthen the information security behind the switch from human hands to robotic arms?

The doctor sits in the office before the operation to plan the positioning of the equipment, and then enters the operating room to supervise the operation steps of the surgical robot. This kind of collaboration between humans and machines may become a common sight in the operating room in the future. However, is there any information security focus that needs to be paid attention to behind the robot that is input with instructions and operates step by step, assisting the hands of experienced doctors?

Trend Micro released a survey report on the impact of ransomware on the medical industry in October this year (2022), and mentioned that more than 50% (57%) of medical institutions in the world have been attacked by ransomware in the past 3 years , and 25% of these institutions said they were forced to shut down completely, and another 60% said that some business processes were affected.

Trend Micro’s global department pointed out that in 2019, a ransomware attack occurred in a medical institution in the United States. Because important systems were attacked, patient data could not be read, and medical staff could not monitor important heart rate information at any time. Just last year, the systems of Irish medical institutions were crippled for months due to ransomware attacks, resulting in huge monetary losses.

In addition, in November this year, Medibank, an Australian health insurance company, was hacked. After Medibank refused to pay the ransom, the medical records of hundreds of customers were released, including Australian Prime Minister Anthony Albanese.

Although there are many targets for hackers, in the field of medical treatment, it is often of great importance to personal ailments and even life-threatening. If hackers covet it, the consequences will be unimaginable.

Wang Yingting, the former technical manager of the Information Security Institute of the Information Policy Council and an information security risk consultant, said that according to the white paper “Medical Device Safety Testing” issued by the independent product safety certification organization UL (Underwriters Laboratories) in the United States, according to IEC80601-2-77 surgery For the robot safety certification project, the potential information security risks of surgical robots come from three conditions:

  • Interaction conditions (Interaction conditions): For example, when operating a surgical robot, it is not directly operating the machine itself, but remote control through other computers.
  • Interface conditions: Surgical robots are connected to peripheral devices, such as physiological monitors that monitor patient vitals, or the robot may be integrated with other injectors.
  • Mechanical conditions: If the surgical robot is not connected to the Internet, it may be necessary to insert a USB drive when its firmware needs to be updated.

Echoing the third point, although some surgical robots do not have a networked system to reduce information security risks, it cannot be ignored that there are still other information security factors that need to be paid attention to, such as unsafe equipment updates (insertion of pen drives with viruses); Or electromagnetic signals (such as radio waves, bluetooth, etc.) may cause signal interference to surgical robots.

Wang Yingting suggested that in order to minimize information security risks, surgical robot manufacturers and operating hospitals have their own key points to pay attention to. It is best for equipment manufacturers that produce surgical robots to pass a recognized information security certification to prove that their products have no problems, which has already reduced most of the information security risks.

For the medical field that belongs to the operation side, it is best to conduct related assessments with information security companies, such as information security structure review, penetration testing, etc., to reduce human error in setting. Wang Yingting said: “For example, the operator may set the password to 123456 for the convenience of the doctor, and the attacker can easily invade.”

In addition, we must regularly review the environmental security of the hospital, such as equipment replacement, network changes, and don’t forget to adjust the settings after changing the settings. The software and hardware in the surgical robot have their own lifespan. After a period of time, loopholes may be discovered. The medical end used must regularly check whether the field is safe. Wang Yingting reminded that there is no absolute security in information security, but the above-mentioned measures can increase the difficulty of hacker attacks and reduce related risks.

[Join key comment network members] wonderful and good articles are sent directly to your mailbox every day, and special e-newspapers such as editor’s selection, current affairs selection, art and literature weekly are exclusively available every week. You can also leave a message to discuss the content of the article with the author, reporter, and editor. Click to become a member for free now!

Sharing is Caring