Boomer Voice: Can Medical Devices Be Hacked?

November 6, 2013
194 Views

medical device hacking riskThe threat of having an implanted medical device hacked is so real that large groups of professionals are meeting this month to device ways to prevent cyber-attacks on our bodies.

medical device hacking riskThe threat of having an implanted medical device hacked is so real that large groups of professionals are meeting this month to device ways to prevent cyber-attacks on our bodies.

Former Vice President Dick Cheney made headlines a few weeks ago admitting he was worried about cyber-attacks on his heart defibrillator. Plot lines on television shows like the X-Factor and Homeland illustrate death by hacking.  While these methods would be extremely rare, comprised data and device tampering are more likely.

As more Baby Boomers age and need implanted medical devices like defibulators and insulin pumps, experts say they must face these potential vulnerabilities head on.

The Center for Internet Security is hosting first webinar symposium later this month addressing cyber security and healthcare devices.  It recently launched an initiative partnering with device manufacturers and healthcare organizations to create guidelines for protecting the users of this medical technology. 

“The risk is there; although we have had no real life experiences yet, we are trying to stay ahead of the curve and find ways to protect the data” said Will Pelgrin, CEO of (CIS).  “These wireless devices have improved our lives greatly, so it’s extremely important we preserve their integrity.”

So just how vulnerable are medical devices to hackers?

More than half the medical devices sold in America (the world’s largest health-care market) rely on software.  Last year researchers at McAfee, a computer-security firm, said they had found a way to subvert an implanted insulin pump to make it deliver 45 days’ worth of insulin in one go. And a paper published in 2008 by a team led by Kevin Fu, a computer scientist now at the University of Michigan, showed how an implantable defibrillator could be remotely reprogrammed either to withhold therapy or to deliver unnecessary shocks.

There also are risks of malware.  Administrative passwords for devices have been widely available and accessible creating risk for unauthorized access to the device and perhaps to the general enterprise network, explained Dale Nordenberg Executive Director Medical Device Innovation, Safety and Security Consortium (MDISS).

So what’s the prevention plan?

A group of medical device and cyber security experts have joined MDISS to make implanted devices safer.  The groups are developing benchmarks to put best practices in place that include changing the way device passwords can be authenticated, Pelgrin said.

According to Nordenberg, the FDA has recently issued draft guidelines on how device manufacturers should formally address security.  Increased awareness has definitely helped expedite discussion, he said.

In fact, the CIS and MDISS and others are hosting a Mobile Medical Device Benchmark webcast November 14 to expand the conversation, where best practices will be put in place, Pelgrin added.

(medical device / shutterstock)