Protecting People's Fears About Hackers In Medical Devices

You receive a notice from your doctor, telling you the FDA is recalling your pacemaker because lax cybersecurity could allow your medical device to be hacked into, giving them the ability to run the batteries down, or even alter your heartbeat.

It’s the stuff horror novels are written about. And unfortunately, it’s all too true.

Hackers are increasingly taking advantage of weak security in healthcare. And when medical instruments are a part of the process, it can hit too close to home for medical patients. We now find ourselves with a need to protect patients so that attackers don’t gain control and push medical issues to the limits. With these vulnerable medical devices, it also leaves a hole wide open as potential entry points to hospital networks. That could mean theft of medical records, or worse, give hackers a new way of holding people hostage.

The Internet of Things is changing the way we do everything, including our approach to medicine. In US hospitals today, the average bed uses 10 to 15 devices to connect and monitor the patient. In a large hospital, it can have as many as 5,000 beds. And those numbers are only going to continue to go up in favor of connectivity.

We tend to think our healthcare system is a bogged down, heavily regulated industry that doesn’t allow room for quick change. But because of the benefits IoT has on caring for patients, the change has been a lot quicker than what most imagine. And that creates an industry ripe for opportunity to would-be hackers.

Don’t expect the healthcare sector to stay out of the limelight for potential threats. We may be seeing financial sector issues pop up in the news regularly now, but it’s only a matter of time for those news stories to be replaced by problems in the medical niche, specifically targeting medical devices. That’s partly because they are such easy targets. There are currently tens of thousands of healthcare-related devices that are easily discovered through Shodan, a search engine for connected devices.

Not all devices are vulnerable to attack. But the fact is if they exist and are connected to the Internet, they are vulnerable to exploitation. The challenge lies in identifying all of the weak points within a device or program, and coming up with a plan for how to secure it from all angles.

That’s the course of action we now must plan for.


Or face the consequences.