In 2011, at a hacking convention known as Black Hat, a security researcher and insulin pump user demonstrated how he could remotely disable and modify his insulin pump over a wireless connection using inexpensive and readily available equipment.
In 2012, another security researcher demonstrated how he could capture and reverse engineer wireless communication from an Implantable Cardioverter Defibrillator (ICD) and cause the device to deliver a lethal shock to the heart.
Then this year another security researcher was able to connect to a commonly used infusion pump and alter the firmware (the software on the device that provides the rules for how it communicates with other hardware) which could give the hacker complete control of the device allowing an overdose to be given while disabling the alarm.
Far fetched you say? Consider that former vice president Dick Cheney, who has an ICD, recently revealed that he and his doctor were concerned enough that the wireless capabilities of his device were disabled.
The US Food and Drug Administration also seems to be taking this issue seriously. A quick search of their medical devices page returned 73 different communications about cybersecurity in medical devices since 2013. Clearly this is not another overblown issue like Y2K.
HOW CAN THESE DEVICES BE HACKED?
In the case of the infusion pumps, it is related to the connection that these devices have with the Internet. Most pumps have the capability to be hooked up to a network so that remote monitoring can be done and so that firmware updates can be released from the manufacturer to fix bugs or (ironically) security issues.
Security researchers are able to hijack the device through the internet connection and modify it to basically reprogram the pump. ICD’S are hacked in a similar fashion by analyzing and spoofing the wireless signal used to program the device. One method is to simply issue battery intensive commands rendering the device powerless while another is delivering a lethal shock as noted above.
The insulin pump example given can be done either by modifying the continuous glucose monitor (CGM) (again through spoofing wireless transmissions) to give a higher reading than actually exists or to directly change the configuration settings on the pump itself on how insulin doses are calculated.
It is important to remember that these are potential attacks. While it is true that this is a potentially life threatening risk, non of these attacks have happened in real life. That doesn’t mean that we should disregard the risk and as we dig deeper into this issue in part 2, we will see that a much larger issue is hiding beneath the vulnerability of medical devices to hackers.
Bio:
Jeff Harris is a Pharmacist with over 25 years of leadership experience in hospital, retail, and home health environments. Due to a spinal cord injury, he is currently on long term disability. Jeff is passionate about patient safety, risk management and cybersecurity issues in healthcare. He continues to research and write about improving healthcare on a pro-bono basis.