Why Implantable Medical Devices Are Easily Hacked

It’s hard to imagine healthcare without technology. It exists in every aspect, from signing up patients on a website to tracking personal data using wearable technology. We use it to virtually connect with patients and experts, and help control medications and diseases.

It’s no wonder that implantable medical devices are on the rise. According to an industry growth report, the global active implantable medical devices market is expected to grow 7.76 percent per year over the next five years.

What are implantable medical devices?

Implantable medical devices are utilized for both diagnostic and therapeutic reasons. They are objects fixed into the body to assist with performance. Wireless communication connects the device to health professionals, relaying patient data. They can also be used for function, helping administer medication or treatment, provide electronic stimulation, or control other tasks throughout the body.

One of the biggest reasons implantable medical devices are risky is because they lack adequate security. Manufacturers spend time developing the product with security as an afterthought. The wireless service might not encrypt data, which increases the likelihood of a hack. This type of hack can be even more dangerous than taking over standard PHI because it allows hackers to play with treatment, with the potential to lethally harm the patient.

Why implantable medical devices have vulnerability

Look no further than the news for evidence that implantable medical devices can leave patients vulnerable.

In March 2019, Medtronic experienced a threat with their cardiac devices connected to wireless telemetry technology. It would read and send data back to a patient’s physician using an in-home system, allowing doctors to monitor heart health remotely. It was found to have many vulnerabilities because it did not use encryption, authentication, or authorization.

Medtronic had another issue in June 2019 with its Medtronic MiniMed insulin pumps. Cybersecurity vulnerabilities allowed unauthorized persons to change the pump’s settings to either over-deliver insulin, or stop delivery altogether.

It’s important to note that while the FDA is not solely responsible for governing the cybersecurity of medical devices, it works closely with other organizations to ensure the safety of these devices. It’s not up to the FDA to regulate changes made to medical devices, but rather the device company itself should monitor any and all changes to ensure they are safe for human consumption.

What do you need to ensure security with the implantable medical devices you use? 

When you introduce implantable medical devices into your practice, you must protect the firmware from tampering, secure all communication, ensure the data stored are well protected, and prevent the device from all cyberattacks.

There is no “one size fits all” solution to ensure this happens. Instead, it’s up to you, the user, to ensure every company and device you are working with meets specific guidelines. Things to include are:

  • Strong authentication using password protocols
  • Secured communication encryption to and from the device
  • Embedded firewalls to protect against cyberattacks
  • Intrusion detection
  • An integrated security management system that allows updates to further protect against new threats
  • Device tampering detection

Have questions about any technology you bring into your practice? Start asking questions from the very beginning. At a minimum, you should ensure the latest security protocols and technologies are in place, and updated regularly to keep you, your patients, and your practice well protected.

Is the technology you use in your practice fully secured?

For IT Strategy, Cloud Conversion, or Help Desk Services reach out to us at Silver Linings Technology 360-450-4759.