Emerging healthcare PR concern: 'Body hacking' and medical device security threats
Few would argue that, for healthcare, a patient’s wellbeing is Job One. And, generally speaking, most regard the move towards increased connectivity among stakeholders as advancing that mission.
But greater connectivity likewise leads to greater vulnerability manifested in threats to patient privacy and security—a concern shared by providers, payers and healthcare PR professionals alike. It’s the “dark side of connectivity,” as noted in the World Economic Forum’s report on global risk for 2012.
HIT leaders have felt the burn, with the almost daily breaches of PHI and tightening of HIPAA regulations. And now with the industry’s shift to wireless devices come new threats that go beyond mobile device management.
Last month news about the death of “white hat” hacker Barnaby Jack brought attention to a generally little-known concern about the security of wireless medical devices. The researcher’s death at 36 is as surprising as the demonstration he was set to present at the Black Hat Conference in Las Vegas: showing how he could remotely take control of a pacemaker to make it deliver a lethal shock—essentially hacking into a patient’s body.
As Bill Maisel, deputy director for science at the FDA’s Center for Devices and Radiological Health, recently told Bloomberg News, “It’s not hard to see where the technology is going. It’s not just about the vulnerability in the one implantable device the researcher was able to get into. We’re headed to interconnectedness, to connected health care.”
The news is not only a wake-up call for healthcare technology, which is playing catch-up to other industries, but it affords an opening for tech vendors to further differentiate their products and services through outreach, marketing and PR.
Millions of people in the U.S. already have wireless implantable medical devices (IMDs), such as pacemakers, cardiac defibrillators, insulin pumps, and neurostimulators—and about 300,000 such IMDs are implanted every year, according to researchers at the Massachusetts Institute of Technology. The software on these devices monitors, records and stores private patient information, communicating wirelessly with other computers and responding to changes in doctors’ orders.
Demonstrations at hacker conferences like Black Hat and Defcon have shown that wireless connectivity can be exploited to compromise an IMD’s transmitted data or to send unauthorized commands. They have managed such feats as:
- Turning off a pacemaker via remote control;
- Intercepting the wireless signals between an implanted glucose sensor and a linked insulin pump (prompting Medtronic, a leading manufacturer of insulin pumps, to contact security experts at McAfee to investigate the safety of its devices);
- Dumping a lethal dose of insulin into an artificial pancreas in a mannequin from a distance of 300 feet; and
- Delivering an 830-volt shock to a pacemaker from 50 feet away (calling to mind the murder of the Vice President in season two of Homeland).
Far away from Vegas’ bright lights and rivers of vodka, researchers at the University of Michigan’s Ann Arbor Research Center for Medical Device Security have been quietly working on ways to tighten security. The center is a cross-disciplinary research initiative on medical device security, privacy, safety and effectiveness.
Currently, eavesdroppers can intercept the wireless signals to obtain personal patient data. Moreover, the device software can be easily overridden because physicians need to be able to communicate with it whether or not they know the serial and model numbers. This leaves a back door for anyone to be able to retrieve that data. A worm implanted on one pacemaker could, theoretically, spread from patient to patient to commit mass murder. And these dangers extend to computerized hospital equipment, which is increasingly vulnerable to malware infection.
Director Kevin Fu and his team of computer engineers are exploring the design challenges for secure IMDs. They have created the first non-invasive workaround—an external shield worn like a patch over the device that can jam signals and safely exchange information. This is one of a number of new ideas coming out of the think tank that require no modification to the device itself. This last point is critical because once a device is approved by the FDA, its software cannot be changed, even for a security patch.
Government regulators are beginning to take these concerns into account:
- In June, the Department of Homeland Security issued an alert that about 300 medical devices from 40 vendors had password vulnerability problems. The devices fell into a broad range of categories including surgical and anesthesia devices, ventilators, drug infusion pumps, external defibrillators and patient monitors.
- That same day, the FDA published guidelines for device manufacturers and healthcare facilities to ensure that safeguards are in place to reduce the risk of cyberattack, noting that “medical devices are increasingly interconnected, via the Internet, hospital networks, other medical devices, and smartphones” that could affect how not only the devices but the hospital network operations as well.
A lot has been made of the “dark side” of connectivity and the potential for harm is growing as more products feature wireless technology. HIT vendors recognize not only the patient’s vulnerability, but theirs as well: There is no way for healthcare PR professionals to “spin” a news story about patients being harmed because a medical device was hacked.
But there is great value for vendors who proactively acknowledge and take steps to prevent exposure to the “body hacking risk.” That makes for good news, good business and good PR! Vendors that work with federal agencies, hospital systems and security researchers to improve the security of their devices have a marketing campaign that writes itself.