Medical Device Hacking Worldwide: Part 2

Did you read my last post with the positive story of how people are community-hacking their medical devices to improve their quality of life? While writing my last post, I also became aware of serious security concerns. This post will focus on the challenges related to great health innovations and disruptions and will cover security concerns about wearable health devices in general. As IoT moves closer and closer to the end user (with new devices potentially keeping a person alive), this also opens the door to serious security concerns.

Most Dangerous Hacked Health Solutions

In the hospital, a lot of devices are connected patients, which enables doctors and nurses to monitor their status. Next to hospital devices, we’re facing more and more wearables and implanted devices sending and receiving information. Here’s a list of the top connected health solutions that could have a fatal outcome if hacked.

• Hospital networks
• Surgical robots
• Insulin pumps
• Pacemakers
• Drug infusion pumps
• Heart rate monitors
• Post-operative monitoring systems

Real-Life Examples of Compromised Medical Devices

To show you this isn’t a theoretical concern, here are a few real-life examples of how some of the above-mentioned devices were compromised:

• Jay Radcliffe, a security researcher and Type 1 Diabetic, discovered several vulnerabilities on devices exploitable to give lethal doses of insulin remotely.
• At Black Hat and DefCon, researchers showed how they can hack pacemakers, insulin pumps, and patients’ vital signs in real-time.
• The University of Alabama compromised a pacemaker in iStan—a robot used to make medical students practice various procedures.
• In 2017 WannaCry ransomware spread across the world and a couple of medical devices have been proved to be infected.

Privacy Issues

The volume of data is increasing rapidly, and there’s a big focus on privacy from companies and governments everywhere. Security considerations, therefore, become much more important when the devices concerned are recording sensitive health information. On top of fatal security concerns, there are also concerns about the increasing amount of data being produced from IoT devices surrounding people’s health. This data could be produced be via your smartwatch, mobile phone, CGM devices, insulin pumps, hearing aids, and so on. The privacy risks from unauthorized access to data could also give you key information about location, physical activity, vital signs, or habits that could be misused. The collection of this data may lead to the risks of higher insurance rates for the patient along with the unknown serious consequences of data from health devices combined with other data sets. This information could, for example, be matched with lifestyle and health information, or medical records, negatively impacting people’s ability to seek affordable health care. Sensitive personal information could be shared publicly to ruin someone’s reputation.

No Need for Stephen King as Real Life Surpasses Fiction

The innovations made in technology and medical devices improve the lives of millions of people worldwide. This blog post began with a statement that, as we are moving closer to the edge of the network and to the end user, we need to secure our devices even more. One thing is what evil minds can do to get their hands on your money, another thing is to exploit wireless, implanted, and maybe biomedical devices to control people’s health, life, or death. The examples of devices mentioned above were created to save and improve lives, and as we innovate and disrupt, we need to have an even higher focus on security.