Many Common Medical Devices Could be Vulnerable to Hackers
The healthcare system has a problem with medical device hacks. The hackers responsible have been able to successfully get into a hospital’s wireless printers as well as gain access to a hospital’s entire data systems. They’ve taken over electronic records as well as been able to lock a hospital out of its own website. Medical regulators are now preparing for the next wave of healthcare system electronic hacking: medical devices.
Medical Device Hacks: Easy Targets
It has been estimated there are over 35,000 individuals using some type of medical device and many could be vulnerable to a cybersecurity attack. These medical devices are publicly exposed and very likely to be targeted by hackers. Research has shown many of these devices still utilize old operating systems and have other cybersecurity flaws.
Dangerous Features
The medical devices most vulnerable to hacking have remote monitoring, wireless connectivity as well as near-field communication and more. These are popular features in many medical devices. They enable healthcare professionals to more accurately adjust devices implanted in a patient remotely and not require an invasive procedure. The technology of these medical devices and their design also make them more vulnerable to hackers.
Food And Drug Administration
The FDA is concerned about medical devices being taken over by hackers. They are working with other agencies in the federal government to create a coordinated response. The FDA is preparing for the possibility of significant numbers of medical devices being hacked. Medical device manufacturers are being warned to prepare their products to function in a hostile cyber environment.
Insulin Pump
In 2014, Johnson and Johnson was forced to inform its customers the insulin pumps they provided were susceptible to a cybersecurity attack. Hackers could gain access to them and cause the insulin pumps to deliver a fatal overdose of insulin. The insulin pump was equipped with a wireless controller. This is what made is vulnerable to hackers.
Syringe Infusion Pump
The Department of Homeland Security (DHS) warned the healthcare industry of a cybersecurity flaw in a syringe infusion pump. This medical device was made to provide a patient with frequent, small doses of a particular medication. These types of infusion pumps are often used in acute care settings. This particular cybersecurity flaw was discovered by an independent researcher. The researcher warned that successful hacking of these infusion pumps would enable a hacker to gain access to the pump’s operation. This would make it possible for hackers to alter the amount of medication given to a patient.
Industry Response
One of the major moves to try and combat the hacking of common medical devices is information sharing among device makers. The healthcare community has developed an information sharing group that consists of healthcare providers and medical device manufacturers. The U.S. Congress is working with the healthcare industry as well as the medical device manufacturing industry on this issue. The goal is to develop an effective plan to get these industries on the same level of cybersecurity as the financial sector.
Cybersecurity Improvements
Many medical devices currently in use often go unpatched, unencrypted. It is the result of IT teams who take care of information systems and clinical engineering teams failing to communicate with one another. The FDA has suggested this situation requires oversight. It has delayed as well as blocked certain medical devices from being released into the market because of cybersecurity issues. The FDA has made certain new medical devices currently available have significantly improved cybersecurity protections.
Measures are slowly being put in place to address the issues of medical device hacks. The efforts of securing existing medical devices are slowly progressing. Developing cyber protections for new and old medical devices is a gradual process that is quickly gaining momentum.
Learn more about Medical Device News.