Could Hackers Really Hijack Your Medical Device?

Could Hackers Really Hijack Your Medical Device?
Science & Medicine

No one likes to think about a hacker sitting in a basement somewhere downloading your personal information. Imagine you just had a pacemaker installed, only to find out that there is a potential for someone to hack into the device to control its functions. Well, that is a real possibility. The new term for this activity is “medjacking,” or medical device hijacking.

Close to 5 billion smart devices are currently connected to the internet, and a substantial portion of these gadgets are medical devices used to treat patients. As medical devices become more connected, this problem has the potential to intensify.

In fact, a recent report detailed instances of medjacking including passwords being stolen and unauthorized entry into several hospitals’ networks, which resulted in confidential data transmission.

The Threat to You

Medical device experts warn that medical device hacking is a real threat. Wireless devices such as pacemakers, ventilators, and patient-controlled analgesia pumps are at risk. Although no cybercriminal has hacked into these devices, there are still concerns about the impending potential risk.

The risk is so great that the FBI issued a security warning in September citing “medjacking” or medical tech device hacking vulnerability.

“Criminals can use these opportunities to remotely facilitate attacks on other systems, send malicious and spam e-mails, steal personal information, or interfere with physical safety,” the FBI warned.

Related: Digitizing Medical Records for Billions Has Not Helped Patients nor Saved Money

In fact, a few years back, Vice President Dick Cheney had the wireless connection in his heart defibrillator disconnected as a protection mechanism against cyberterrorism.

What’s Being Done

The Food and Drug Administration has recommended that hospital network administrators and medical device manufacturers take several steps to ensure the safety and security of these devices. These steps include:

  • Limiting authorized access to medical devices that connect to the hospital network
  • Protecting individual elements of the device from exploitation
  • Designing the device to function in fail-safe modes
  • Creating retention and recovery modes for the device
  • Monitoring the hospital network for use
  • Evaluating network components
  • Installing security patches to networks if necessary

Many manufacturers integrate these recommendations into their device functioning. However, these standards have not been uniformly adopted. Further, hospitals accept these FDA directives to protect personal safety of the patient, but further improvements need to be made to their networks.

Hospitals also need to introduce safety protocols that foster greater protection of wireless devices. The FDA is working closely with these groups to improve the safety of patients who use wireless medical devices.

What Can You Do to Protect Yourself?

Understanding how your medical devices can be accessed and who has access is a first step. Limiting those who can retrieve your information and your passwords is another important safety measure. Also, finding out how your medical device is manufactured and what inherent safety measures the device contains can be helpful in making decisions about what device you want to use.

Some medical devices use silicone rubber instead of latex, which may offer better thermal and chemical resistance, improved mechanical properties, and insulation or electrical properties that are enhanced.

Medical tech devices could put you at hacking risk. Investigating what your risks are, what is being done by both hospitals and device manufacturers to protect you and how this could impact your device’s function are essential to protecting yourself. Engaging your healthcare provider and hospital in ensuring your protection can also safeguard both you and your loved ones from any potential hacking.