US Army seeks to protect medical devices from cyber threats

14 December 2018

A service member positions a patient for a CT scan. Medical devices, such as radiological imaging systems, must now go through a cyber-security validation process in order to connect to military networks. Source: US Army/Staff Sgt Evelyn Chavez

The US Army Medical Command (MEDCOM) is growing its focus on cyber security, working to harden its increasingly networked devices against potential threats.

The army recently noted how almost all new medical devices contain some type of computer technology and are often remotely or wirelessly accessible, making them potentially susceptible to hackers.

To address the problem, the army created a cyber-security cell within the US Army Medical Materiel Agency (USAMMA) in early 2017, with the aim of ensuring medical devices comply with Department of Defense (DoD) cyber-security standards.

There are a number of potential concerns stemming from networked medical devices, said Captain Christopher Glass, MEDCOM's chief of cyber-security operations and security control assessor representative.

While the theft of private data is a significant threat, it is not the primary concern, he told Jane's. He said his own personal information has been hacked several times this year alone, and that while this was an inconvenience, it did not cause bodily harm. The real concern stems from the nature of medical equipment as life-saving devices that are hooked up to soldiers.

"If a hacker could gain control of that device, say an anesthesia machine, while it is connected to a patient, they could cause grave injury or death to that patient," Capt Glass explained. "That is my main concern: the safety of each person that steps into one of our facilities and has placed their faith in the network we are trying to protect by ensuring our devices are adequately secured."

Medical information privacy and protection "is one of the hottest topics in cyber security right now, which puts additional focus on ensuring adequate security", Capt Glass said. He spends most of his time ensuring that medical devices meet the standards set by the Risk Management Framework (RMF), the US government's overarching policy for device and network security.
