Data analysis, cloud computing and other Digital Age technologies have improved the health of countless medical patients. Yet these advances have a very real cost: Exposure to the malicious actions of hackers and other security threats.
As a recent article in Wired illustrated, companies in the medical field are mitigating these risks. Johnson & Johnson issued a public alert about security issues related to their insulin pumps. St. Jude addressed similar issues with their defibrillators, and former Vice President Dick Cheney even took action to better protect his pacemaker from hackers.
These actions are merely the first wave of responses to the looming security threat associated with medical devices. Let's take a closer look at how these risks are developing, and how patients can best protect themselves.
The emergence of a new security threat
If you've never heard the phrase "The Internet of Things," the idea is fairly simple. Imagine a vast network of smart connected devices and vehicles, capable of gathering, exchanging and analyzing critical data. This network could include everything from the refrigerator or thermostat in your home to the car you drive every day.
Connected devices help processes run much more efficiently. Yet because of that connectivity, they are vulnerable to outside risks. Hackers, for example, could seize control of your thermostat or vehicle. They can also do the same thing with medical devices.
In June, 2017, security experts issued a warning about the "Petya" ransomware attack (ransomware is a type of security intrusion where hackers hold computers or devices ransom in exchange for payments). In the case of Petya, hospital computers were among those targeted by the attack. Shortly prior to that event, a similar cyberattack was responsible for shutting down dozens of hospitals in the United Kingdom, as computers, storage facilities and MRI machines were all affected.
The vulnerabilities associated with such attacks are wide-ranging. Along with MRI machines and computers, insulin pumps or anesthesia equipment are vulnerable to manipulation, potentially delivering the wrong dose to patients. The effects of such attacks would be terrifying and deadly.
Experts say hospital IT systems are especially vulnerable because they have older infrastructure and software. Such systems may no longer receive the most recent security patches. Personnel issues are also a concern, as one study showed that only 15-percent of hospitals have a qualified online security worker on staff.
These same experts point out that the expected lifespan of medical devices is often much longer than the lifespan of the underlying software running the machine. Some devices last 30 years, while the software lasts only one-third as long.
Patients concerned about these risks should research the cybersecurity protocols or capabilities of any medical center they visit (or device they use). If you can't find this information, direct all relevant questions to hospital administrators or staff.
Patients who have been the victim of a cybersecurity lapse, on the other hand, should seek counsel from an attorney. Because these issues are complex and the security landscape is constantly evolving, it's important to consult with an experienced legal advocate.