We are all aware that the world is becoming more connected. It is estimated that there will be around 26 billion internet connected devices worldwide by 2020 –a large proportion of which are related to health and healthcare. According to research – students are spending between 9 – 10 hours per day ‘engaged’ with their mobile device managing their banking, fitness and retail in addition to communication. If we are relying more and more on our devices to manage our lifestyle, including our health, what are the risks?
The Internet of Things (IoT) is the term used to describe the interconnection of multiple devices through the use of radio frequency technology, which enables the exchange of data across a range of sectors. The IoT has particular relevance for the healthcare sector, where it already delivers health data from wearable or implantable devices monitoring a range of metrics which may be processed through mobile device apps (mHealth) and transmitted to healthcare professionals. It is employed across many medical devices, from pacemakers to drug pumps, mobile medical workstations, in-home monitors, to personal fitness devices.
A networked medical device is one that has the capability of connecting to the internet. Such devices are generally separated into four groups:
i) Consumer health monitoring (e.g., FitBit – using Bluetooth with nearby personal mobile devices)
ii) Wearable (e.g. portable insulin pumps – using proprietary wireless protocols to communicate)
iii) Embedded (e.g. pacemakers – implanted into the patient but communicate wirelessly)
iv) Stationary (e.g. chemotherapy dispensing stations – using WiFi to connect to hospital networks)
However, as the market for inter-connected medical devices expands, they have become a new target for cyber attacks. In a report published in June 2015, one cyber defence company reported a case at an unnamed hospital where hackers were able to plant malware in surgical blood gas analysers. The hackers then used the equipment as a back door to find passwords throughout the hospital’s IT systems and leak sensitive information. In another incident, a hospital’s radiology department’s image storage system was used to access data from the hospital’s main network. The term coined to describe this type of cyber attack is ‘Medjacking’.
Technology can provide many answers to the challenges faced by healthcare providers. It can bring new and effective treatments, allowing patients to be treated remotely, which also has significant cost-saving benefits. However, the increasing use of technology means that more and more data is being held by healthcare providers and the high value of that data means that they have become increasingly attractive targets for hackers. The focus of technological development, therefore, should not only be effectiveness of the devices but also the security of the data they handle.
Written by Greg McEwen, healthcare partner