Security

Medical Device Hacking Worldwide: Part 2

March 20, 2020

Medical Device Hacking Worldwide: Part 2

Did you read my last post with the positive story of how people are community-hacking their medical devices to improve their quality of life? While writing my last post, I also became aware of serious security concerns. This post will focus on the challenges related to great health innovations and disruptions and will cover security concerns about wearable health devices in general.

As IoT moves closer and closer to the end user (with new devices potentially keeping a person alive), this also opens the door to serious security concerns.

Most Dangerous Hacked Health Solutions

In the hospital, a lot of devices are connected patients, which enables doctors and nurses to monitor their status. Next to hospital devices, we’re facing more and more wearables and implanted devices sending and receiving information. Here’s a list of the top connected health solutions that could have a fatal outcome if hacked.

  • Hospital networks
  • Surgical robots
  • Insulin pumps
  • Pacemakers
  • Drug infusion pumps
  • Heart rate monitors
  • Post-operative monitoring systems

Real-Life Examples of Compromised Medical Devices

To show you this isn’t a theoretical concern, here are a few real-life examples of how some of the above-mentioned devices were compromised:

Privacy Issues

The volume of data is increasing rapidly, and there’s a big focus on privacy from companies and governments everywhere. Security considerations, therefore, become much more important when the devices concerned are recording sensitive health information.

On top of fatal security concerns, there are also concerns about the increasing amount of data being produced from IoT devices surrounding people’s health. This data could be produced be via your smartwatch, mobile phone, CGM devices, insulin pumps, hearing aids, and so on.

The privacy risks from unauthorized access to data could also give you key information about location, physical activity, vital signs, or habits that could be misused. The collection of this data may lead to the risks of higher insurance rates for the patient along with the unknown serious consequences of data from health devices combined with other data sets. This information could, for example, be matched with lifestyle and health information, or medical records, negatively impacting people’s ability to seek affordable health care.

Sensitive personal information could be shared publicly to ruin someone’s reputation.

No Need for Stephen King as Real Life Surpasses Fiction

The innovations made in technology and medical devices improve the lives of millions of people worldwide. This blog post began with a statement that, as we are moving closer to the edge of the network and to the end user, we need to secure our devices even more. One thing is what evil minds can do to get their hands on your money, another thing is to exploit wireless, implanted, and maybe biomedical devices to control people’s health, life, or death. The examples of devices mentioned above were created to save and improve lives, and as we innovate and disrupt, we need to have an even higher focus on security.


Liselotte is an ex-system admin and now owner of Textrovert focusing on technical content: writing, podcast, and videos. She is a VMUG Leader in Denmark, vExpert, Veeam Vanguard, and psychotherapist.