I saw an episode of Elementary a couple weeks ago in which a hired assassin killed someone by hacking into his pacemaker and cranking up the voltage to cause a heart attack. Initially I thought maybe crime shows were just stepping up their game, trying to find more creative ways to kill people off. But I still wondered if it was really possible. These days many medical devices, whether implanted or not, are connected to the internet so that doctors can collect data regarding patient health and treatment. However, these devices are more vulnerable than we realize.

In September 2012, the Government Accountability Office issued a report warning that hacking of internet connected medical devices could pose a safety risk, focusing mostly on implantable defibrillators and insulin pumps.1 At a conference last year, Barnaby Jack, a security researcher at McAfee, delivered an 830 volt shock to a reverse-engineered pacemaker from 50 feet away, lending some credence to the method of assassination chosen for that episode of Elementary.2 He also demonstrated how to identify and compromise infusion pumps that use wireless communication.2

Hospital computer systems are also notoriously susceptible to being infected with malware. Many run outdated versions of operating systems that manufacturers do not permit to be modified with updates or security patches, often at least partially because of regulatory restrictions.1 Nearly 21 million Americans’ electronic medical records have been lost or stolen since 2009 according to HIPAA records, and in July 2012, hackers in Chicago broke into a medical practice’s server and held patient electronic medical records for ransom.3 While internet connectivity in medical devices and hospital systems has brought advancements in efficiency and quality of care, it’s clear that there is still a great need for security against these kinds of threats.

What kinds of security risks have you encountered with internet connected medical devices? Have you found any solutions you’d like to share?

-KB

1 Talbot, David. “Computer Viruses are ‘Rampant’ on Medical Devices in Hospitals,” MIT Technology Review online, 10/17/2012.

2 Wadhwa, Tarun. “Yes, You Can Hack a Pacemaker (And Other Medical Devices Too),” Forbes online, 12/06/2012.

3 Ungerleider, Neal. “Medical Cybercrime: The Next Frontier,” Fast Company online, 08/15/2012.

We are passionate about your success. Tell us more about your regulatory and quality needs to learn about how we can help.

Book a Consultation

GLOBAL BOTTOM CTA INSTRUCTIONS:

To display custom copy instead of global copy in this section, please go to Show Global Content for Bottom CTA? toggle in the "Contents" tab to the left, toggle it off, save, and then REFRESH the page editor, the custom text will then show up and ready to be edited.

Turning the global content back on will be the same process, go to the toggle and toggle it back on, save and refresh!