Healthcare News & Insights

Medical devices can be hacked, DHS warns

The increase in the use of health IT is beneficial for both doctors and patients. But it’s also added some security risks providers must watch out for – including in some unexpected areas. 

One area that’s seen a lot of advancement in terms of technology is patient medical devices used for health monitoring. Many of those are either implanted or external devices that connect to a healthcare provider’s network to allow monitoring and alerting doctors to changes in a patient’s health.

That network connectivity can also leave devices open to attacks from cybercriminals, warned the Department of Homeland Security (DHS) in a recent notice. That could allow hackers to tamper with or steal data from those devices, or use them to gain access to other parts of the provider’s network and steal medical information.

For example, at a conference in 2011, one security researcher demonstrated an attack that could change the settings of an insulin pump without the user’s knowledge. He also found a way an attack could eavesdrop on transmissions from a glucose monitor.

Other vulnerabilities have arisen because of the increasing use of smartphones, tablets and other mobile devices used by doctors that connect to providers’ networks. Those can also be hacked and used by criminals to steal information.

One problem the DHS found with securing devices is that while the FDA regulates the design and manufacture of medical devices, it can’t regulate how they are used or how they connect to networks. That means that many devices which have security features in place may not be properly configured for security.

To protect medical information and patient safety, the DHS recommends providers:

  1. Only purchase devices with documented security capabilities
  2. Include support for on-going patches and updates in vendor contracts
  3. Maintain firewalls and only allow authorized devices to access the network
  4. Segment network activity so devices can only access parts of the network they need, and
  5. Regularly review network configurations and monitor network traffic.

Subscribe Today

Get the latest and greatest healthcare news and insights delivered to your inbox.