Hacking Medical Devices

Back to News & Insights

Medical devices can save lives, but also present security risks.

Today, some of the biggest breakthroughs in health care technology are coming in the form of digitization and smart devices. Many of these devices are actually being implanted inside patients and are still capable of a wireless connection with external computers.

While implanted medical devices can save lives or extend the quality of life in patients suffering from chronic illnesses, they come with serious security risks. You might think that thieves aren’t trying to hack into medical devices, but you would be wrong.

Medical equipment is increasingly vulnerable

Both digital security professionals and medical providers have been aware of these security risks for some time. Back in 2012, The MIT Technology Review published an article stating that hospital equipment is increasingly vulnerable to malware infection.

For instance, the paper examined Beth Israel Deaconess Medical Center in Boston, where 664 pieces of medical equipment were running on an older version of the Microsoft Windows operating system. If you’ve ever owned a computer for a long period of time, you’ve probably learned that failing to upgrade your operating system with the necessary security software can lead to vulnerabilities. The same was true here. The manufacturers reportedly did not want to upgrade, fearing that any modifications to the existing system would violate FDA rules. This meant that devices connected to the internet could have been targeted by hackers.

“Conventional malware is rampant in hospitals because of medical devices using unpatched operating systems,” Kevin Fu, a computer scientist at the University of Michigan and the University of Massachusetts, Amherst, told the MIT Technology Review. “There’s little recourse for hospitals when a manufacturer refuses to allow OS updates or security patches.”

The FDA has continued to issue warnings about devices with potential security flaws. For instance, it issued a safety notice about an infusion pump that was used in hospitals all over the country to deliver specific amounts of fluids to patients’ bodies, according to Popular Science. The problem was that hackers could access the wireless connection and adjust the device’s function, potentially harming the patient.

Medical information could be at risk

Security vulnerabilities in medical devices don’t just present bodily risks. The wide range of connected devices used by the medical industry are designed to make the job of caring for patients easier, but may actually leave digital medical records more open to tampering and outright theft.

Wi-Fi connections may be helpful for doctors on the move, but they also offer an indistinct range of security, and while personal data is frequently transmitted between devices, it’s not always encrypted. These are but a few of the issues that plague security efforts in the medical industry. As long as the technology remains, patients may have to follow other avenues to ensure that their personal records remain secure when they seek treatment.

Credit monitoring is a great tool for detecting identity theft, because it’s an ongoing review of credit accounts and credit inquiries associated with your personal information. Privacy Now’s direct data feeds from all 3 credit bureaus can rapidly track account inquiries and activity to provide near real-time alerts. Combined with comprehensive early warning detection alerts of new account openings, subscribers can take action before damage is done. No one likes to be the last person to know, with Privacy Now you don’t have to.