Medical devices are getting more connected every year. From pacemakers to blood sugar monitoring glucometers, these devices now have built-in Wi-Fi connectivity.
That makes it easier for patients and medical professionals to monitor a patient’s well-being, but as with any networked system, it is also vulnerable to hacking. What do patients really need to know about medical device hacking?
An Invisible Problem
It can be difficult to tell whether hackers have attacked a device. In a recent simulation held at UC Davis, a simulated patient presented with chest pain. As expected, the team went through the standard cardiac procedures, assuming it was a heart attack. They failed to realize the “patient” was simulating a hacked pacemaker.
As a result, the “patient” kept dying and getting rescued by a pacemaker that was shocking him at the wrong time. The team wasn’t aware of the pacemaker hack, and none of the responding professionals had any idea how to react to a hacked pacemaker.
Just because these problems are rare and essentially invisible doesn’t mean medical professionals can ignore or forget about them during ER or trauma training.
The Medical Device Market
The medical device market is growing exponentially as innovators keep introducing new and better devices. Industry experts estimate these devices had a market size of $110 billion in 2015. That is why health care device hacking is so dangerous — and why it has been in the news in recent years.
For example, in 2013, government officials ordered doctors to disable the Wi-Fi capabilities in then-Vice President Dick Cheney’s pacemaker to prevent possible hacking-based assassination attempts.
In 2016, Johnson & Johnson warned its consumers their insulin pumps were vulnerable to hacks. While they assured users the risk was low and provided a solution to fix the vulnerability, a hacked insulin pump could potentially be fatal.
St. Jude is also having a problem with their Merlin@Home transmitter, which has been shown to be susceptible to hacking.
They have addressed this vulnerability with firmware updates to the transmitter, but before they had a chance to push the update through, two different exhibitions proved cardiac devices could be hacked, enabling the hackers to drain the batteries, alter cardiac pacing or even deliver shocks to the patient’s heart.
How Big a Problem Is This?
Medical cybersecurity is a growing problem, in more ways than one. Ransomware attacks crippled NHS facilities in the UK due to a vulnerability due to the use of older operating systems on medical computers.
While there have been no reports of medical device hijacking harming patients thus far, the potential is there, which means the industry must address it soon.
IoT devices, like implantable medical devices, don’t use the same kind of security computers or even cell phones do. Cyberthieves covet medical information more than even credit card or identity data now — most people don’t check their medical history or insurance as often as they look at their credit report. A savvy thief can use that information to order medical devices and prescriptions and sell them for a profit on the black market.
By becoming aware of the problem before it takes lives, medical professionals can help prevent unnecessary loss of life or injury from a hacked implantable device.
Right now, it isn’t a huge problem, but the potential is there — medical device hackers could cause irreparable harm to patients who rely on these lifesaving tools.
These occurrences aren’t a huge problem — yet — and hopefully the industry can get ahead of the problem before these hackers harm someone.