Who should be concerned with medical device hacking?
Anyone with wearable or implanted medical devices must be aware of the risks. Hackers can break into networks to steal your sensitive data.
It’s pretty simple for a hacker to get into a medical device and start controlling how it functions. They could signal an insulin pump to deliver a lethal dose to a patient or tell a heart monitor to stop working. That’s why medical device designers go above and beyond to safeguard their products against would-be hackers.
What devices have the highest risk of being hacked?
Here are some countermeasures that device makers and healthcare professional are advising as best practices.
Pacemakers and Heart Monitors
Patients wearing pacemakers are told to keep their cellphones at least 6 inches from the device. But what about cellphone interference from hackers?
A hacker can access any wearable or implanted cardiac device. Typically, security vulnerabilities aren’t in the implant device itself. For instance, someone could interfere with the pacemaker by using an external device.
All an attacker would need is a short-range of the affected products. Then they might be able to intercept data using telemetric communication.
There are different vulnerabilities, depending on the network and medical device you’re using. The data collection might be vulnerable even if the device appears to be completely secured with remote control.
MRI Devices
MRI devices are directly plugged into hospital networks. That makes them a prime target for cyber attacks. MRI devices work by exchanging data and images.
Hackers can use MRI devices to enter the hospital network and cause many problems. For instance, hackers could shut down the hospital’s network and demand a ransom. Another cyber security risk is phishing.
Hackers create software that appears to be MRI or defibrillator machine-related. The fake machines draw attempts from healthcare staff to log in.
Healthcare workers enter highly sensitive information, delivering it directly into the hacker’s hands. Each attempt also allows the hackers to download malware.
Hospital Network Hot Spot
Along with holding the hospital’s network for ransom, hackers might also try to extort the healthcare system. They can harvest sensitive patient data and then turn around and sell it on the black market. They could also use the data and information to blackmail individuals.
Many people have private health information they wouldn’t want to become public. Hackers understand this, which is why hospital networks are a prime target.
Anyone using a wearable device that interacts with the hospital network is at risk. You can keep your information safe by following the best practices for preventing medical device hacking.
Motivation for Hackers
What’s the motivation for hacking medical machines, implants, and wearables? There are a few possible reasons.
On an individual level, it could target somebody remotely for a personal vendetta. The hacker could carry out their dubious plot by stopping somebody’s heart or delivering a fatal dose of medication.
Another reason is that hackers look for opportunities to corrupt systems. A program set up to corrupt computers might also be able to affect a medical device.
Insulin Pumps
Insulin pumps are one of the most accessible devices to hack. Cybercriminals can gain access using a mobile app that connects to a vast network. The app that allows the patient to track their glucose level could also allow the hacker to access sensitive information.
If the hacker can take over the app, they could remotely control the insulin pump. Some weak points include the connecting meter, the mobile app, the sensor, and the pump. Since the blood glucose sensor operates on a network, it’s vulnerable from every direction.
Insulin pumps that use open-source software apps have an even higher risk. Hackers can easily access open-source software apps and send commands directly to the insulin pump.
How Patients Can Protect Devices From Hackers
What goes into protecting medical data? Since technology is constantly evolving, ensure you’re complying with every software update. You should also register your device with the manufacturer when you receive it.
Registering your device will make it easier for the manufacturer to reach you with vital information. If there are common cyber threats that you need to be aware of, you’ll be able to find out sooner instead than later. It would help if you also were extra vigilant.
If your device is acting up, don’t write it off. Discuss any malfunctions with your healthcare provider immediately. Along with your doctor, you should also notify the device manufacturer if your medical device isn’t acting correctly.
You can report malfunctions to the FDA. Keep your family and caregivers involved in your mission. Tell them about the devices you’re using, and ask for help if you’re not the best with technology.
Hearing Aids and Cochlear Implants
Cochlear implants and hearing aids are also at risk for medical device hacking. These devices usually use Wi-Fi or Bluetooth. It’s these Wi-Fi and Bluetooth connections that make them vulnerable to attack.
There aren’t a lot of cyber attacks at the moment against hearing aids and cochlear implants. However, it’s good to be aware of the threat. One of the reasons hearing aids have stayed safe so far is the high level of encryption involved.
Quality hearing aids use secure wireless technology and encryption. The best hearing aids don’t connect to Wi-Fi. Instead, they’re only Bluetooth-capable.
Bluetooth is much more secure than Wi-Fi hookups. Unfortunately, many hearing aids have both Wi-Fi and Bluetooth, making them susceptible to hackers.
Advice for Bluetooth Devices
Do you have medical devices that are Bluetooth and Wi-Fi enabled? Avoid rebooting any of your devices when you’re in a public space. If possible, only restart your devices in the privacy of your home.
You should also maintain an active connection with your Bluetooth-enabled devices. Keeping the connection active will make it more difficult for other people to detect or connect to your device. If you’re not using your Bluetooth, switch the device to flight mode.
As a medical device executive search firm, JP Boyle & Associates helps the makers of sophisticated devices maintain security of their products by recruiting subject matter experts that have the knowledge and know how to address cybersecurity risks.
As the healthcare market increasingly embraces connected health, the needs of the market for forward thinking executive talent continues to grow.
Visit our information page to learn more or contact us to begin a dialog.
