In June 2017, a new ransomware known as ‘Petya’ quickly spread to countries including the United States and many hospital computers were attacked. Experts warned then that not just the computers, even medical devices were hacked. In May, last year, ‘WannaCry’ was able to shut down 60+ hospitals in the United Kingdom – affecting computers, MRI machines and storage refrigerators. With medical data entry becoming more of a profession, there is a huge amount of data stored in hospital computers and such an attack could risk the very existence of the hospital. A hack on medical devices is very costly because it risks the lives of patients. The possibility that a hacker can take over devices that help people live is making healthcare professionals extremely watchful.
Technology in fitness and wellness has made a huge impact in people’s lives – by helping them track their calorie intake and calories burnt, and there are apps that help people measure their number of steps and heart rate. With telehealth, patients are able to get their health monitored as and when needed. But that is not just it. Wireless implantable medical devices such as pacemakers, insulin pumps, gastric stimulators and the likes have become very crucial. But with advancements in technology, come wicked people who want to exploit it. Healthcare providers, makers of various life-saving devices, and the government must work together to limit and completely stop the risks of being attacked. In any field, it is important to strengthen security, and it is no different in medical sector.
Three main medical devices that raise concern over these threats are:
- Pacemaker, the device which uses electrical impulses to regulate heart beats
- Implantable cardiac defibrillators (ICD), the battery-powered device placed under the skin to track heartbeats
- Insulin pump – the device used for administering insulin in the treatment of diabetes mellitus
While pacemakers and ICDs are wireless transmitters and allow doctors to change instructions in the device, insulin pumps work by a wireless remote control which the patients themselves use to manage their insulin settings. Vulnerabilities come in different ways for these devices. The wireless communication, if not properly encrypted, can be used by the cyber attacker or hacker to manipulate the data and the remote control can give them control of the device.
A hack need not be just targeted at individuals. Cyber attacks can be on an entire hospital network or to extort money from the device makers. To improve the security of these vulnerable, important medical devices, some things have to be considered:
- quick response to risks of cyber security
- establish how cyber security is handled and disclosed
- manufacturers must share information so that it is easy to respond to risks.
“While device manufacturers, to my mind, have a clear duty of care to ensure that their devices have built-in security and can be regularly patched and updated, there’s dual responsibility here, because hospitals must ensure that they’re carrying out that work and that they are implementing these devices in a secure way and connecting them to hospital networks appropriately”, says the head of cyber security in healthcare practice at KPMG, Caroline Rivett. What is essential is clearly understanding the benefits of these devices and the risks involved. While hackers are keen on altering the data in these devices, it can be challenging for healthcare providers to give the assurance to patients that they are safe!
Hospitals and doctors can ensure that their patient data is safe in their database, thanks to medical data entry services offered as outsourced solutions, and benefit from cost and time savings. This is of course a great advantage offered by technological advances, but one cannot ignore the fact that technology also brings the risk of cyber attackers who have eyes even on medical devices that help people survive.