Security and Privacy Issues of Connected Medical Devices


Mar 22, 2019

Mar 22, 2019


The healthcare sector is developing more technologically advanced devices aimed at making healthcare more accurate and safer. While the goal is to accelerate the body's capacity to heal, computer-hacking threats to these devices that millions of people depend on pose serious issues. It is also not a surprise why hackers are extremely interested in health record data; while social security number is worth 10 cents on the dark web, and credit card 25 cents, medical health record data could be worth hundreds or even thousands of dollars. This means trouble not only for healthcare providers but also the patients they help.

Innovation of Medical Devices and Its Security Problems

The FDA defines medical devices as any apparatus or machine that can help diagnose, prevent, or treat injuries or diseases. Simple tongue depressors and stethoscopes aid doctors in an annual check-up. The same could be said for sophisticated MRI scanners and vital monitors.

More recently, brain implants have gained attention for treating seizures and OCD; and in 2017, companies started developing pill dispensers that are automated to give prescribed medication in a timely manner to patients and fulfills requests for refills at the local pharmacy.  As these devices are connected to the Internet in order to better track a patients health or the dispensation of pills, there are issues of keeping these devices safe from cyber threats including:

Faulty Connections and Ports:

Aside from physically losing medical devices, another way of jeopardizing important medical data is through connecting to unsecured Wi-Fi. As the Service Set Identifier (SSID) of a device is broadcasted, malicious actors nearby might take interest and use their computers to gain access to the gadget. Because the Wi-Fi connection is not secure, a hacker can gain access to the medical data stored in the device.

The same goes for connecting medical devices to USB ports. If the information on the device is not encrypted, then the data can be read without need for permission.

Industry and Regulation:

The root cause of the previous issue is partly caused by the manufacturers of medical devices, 96% of health providers believes that manufacturers are partly the cause of existing security issues since they produce out-of-date operating systems and lack the ability to patch devices.

Simultaneously, the health providers are confronted with internal strains and do not have enough resources for adequate security measures, 76% of providers indicate that their internal resources are not enough to secure the devices.

How to Secure Medical Devices

As healthcare providers are sworn to the oath of protecting their patients lives, it is important to prioritize device security since millions of people depend on those devices. Aside from FDAs recommendations on protecting medical devices, here are other tips to keep in mind:

Use Encryption:

Encrypting data that is stored or transferred is not only a basic tactic for strengthening security but also a crucial one. This protects the information from misuse or theft while connected to Wi-Fi or a USB port.

Request for Unique SSIDs:

Device manufacturers usually give the same SSIDs to all their devices. As a result, even before these devices are released to the market, cybercriminals already know what the device names are and can easily track them down on Wi-Fi networks. To avoid this, manufacturers should allow device owners to create unique SSIDs to prevent hackers from recognizing the device.

Secure Systems:

Hospitals and clinics should also make sure that their networks and systems are secure. Keeping the Wi-Fi connection secure and the system updated with security tools such as firewalls and data loss prevention help strengthen the network defenses against cyberattacks. Through these resources, information is protected whether stored in the database or in transit in an email. There is also an option of automating these responses so that monitoring and reporting is instantaneous once the system boots up.

Create A Security Strategy:

In the event of a crisis, it is important to have a contingency plan to minimize damage and mitigate the risks and impacts in case of a security breach. Cyber attacks have evolved to bypass traditional security measures. Therefore, gathering knowledge and insight from cybersecurity experts who have the best current security solutions is required.

With the success of medical technology in the recent years, it is no surprise that there is an increasing demand for medical devices. However, putting the needs of the patient first means placing importance on their data privacy. This will not only help the patient but the whole healthcare industry in the long run.

Talk to Us

Wilson Consulting Group is an innovative global cybersecurity consulting firm. We offer Vulnerability Assessment Services to evaluate any threats that your organization may face and provide solutions to combat those.

Subscription Center

Stay in the Know with Our Newsletter