Hacked Medical Devices Risk Patients Health - Time for Information Security Solutions

January 31, 2015

Software and systems innovations are revolutionizing the way people design, build and interact with medical devices. Today’s smart medical devices are game-changers when it comes to health management and research, offering practitioners, patients and researchers new tools to gather information about a patient’s condition and administer treatment.

artificial heart

Coding bugs and software vulnerabilities, however, make these medical devices susceptible to hackers trying to steal data or interfere with the function of these devices. Despite this risk, the number of medical devices in the years to come will likely rise, requiring an army of information security specialists to ensure the privacy and safety of patients and healthcare institutions.

Trend Towards Vulnerability

IBM names three game-changing trends in the medical device industry: mobile technology, the Internet of Things (IoT), and software. While beneficial, each presents new and potentially substantial risk to information security. 

There have been no reported cases of someone hacking into a pacemaker or other medical device,  but the danger is certainly real. Hackers could potentially steal information transmitted by these devices or control the devices to inflict harm. In the worst-case scenario, a hacker could direct insulin pumps to administer an overdose of insulin to the pancreas. Program a pacemaker to deliver an electric shock to the heart, or cause a ventilator to stop functioning without setting off an alarm.

Making Medical Devices More Secure

Reuters reported in October of 2014 that the Department of Homeland Security (DHS) is investigating about two dozen cases of suspected cybersecurity. The products under review include implantable heart devices from Medtronic Inc and St Jude Medical and a Hospira Inc infusion pump. According to the Reuters report, a senior DHS official said the agency is working with the device manufacturers to detect and repair software vulnerabilities that hackers could use to gain entry into the device.

The Office of Inspector General under the U.S. Department of Health and Human Services (HHS) will examine whether Medicaid oversight of hospitals’ cybersecurity measures provides adequate protection of networked device. In that 2015 Work Plan, HHS says, “Computerized medical devices, such as dialysis machines, radiology systems, and medication dispensing systems that are integrated with electronic medical records (EMRs) and the larger health network, pose a growing threat to the security and privacy of personal health information.”

Malware can cause an infected medical device to stray from its expected behavior. The device can slow down, for example, or miss critical interrupts. When this happens, healthcare professionals can no longer depend on the readings provided by or the functionality of a device, and revert to traditional methods of providing care.

According to IEEE, the world's largest professional association for the advancement of technology, the U.S. Food and Drug Administration received nearly 1.2 million reports of adverse events and 5,294 recalls between 2006 and 2011. Computer-related failures accounted for nearly 23 percent of the recalls; in approximately 94 percent of cases of computer-related failures, patients faced a medium to high risk of severe health consequences, including serious injury or death.

The threat to information security will likely grow as the number of medical devices increase. Creating a greater need for information security professionals with special knowledge in medical device technology. The Bureau of Labor Statistics expects the number of job opportunities for information security analysts to rise 37 percent between 2012 and 2022, which is much faster than employment growth in all other careers. This growth is in response to the increasing threat of cyberattacks. 

These information security analysts will face an uphill battle against cyberthreats as the number of connected medical devices rise. Their technical skills, training, and expertise may be all that separates hackers and thieves from patients in need of medical care

Jobularity - find your dream job!
May 5, 2015

Before you build a career in healthcare, you'll need to understand what constitutes an attractive ...

May 25, 2015

Jobs in healthcare are about as rewarding as can be. Each day, a healthcare professional gets to nurse better the sick, and hopefully, make a major impact...

June 3, 2015

Psychiatrists are tasked with helping those with mental health problems. Those with anxiety, depression, bipolar disorder and schizophrenia report to their...