Healthcare News & Insights

Wireless tech makes hospital & patients very vulnerable to hackers

Did you hear the story about the guy who wirelessly hacked a patient’s defibrillator to make it give a shock? He also disabled the defibrillator’s power-saving mode, causing the battery to run down in hours instead of years.

Luckily, in the case above, Kevin Fu, the hacker, was an assistant professor in computer science at the University of Massachusetts, Amherst, and was conducting research to see if it was possible to hack a defibrillator — and if so, what means manufacturers could take to keep it from happening.

While this type of research may seem far-fetched to some, it’s not. There are people who are just looking to do harm. And wireless technology gives them the means to do it.

Of course wireless technology is nothing new, but as more and more medical professionals use wireless medical devices for the diagnosis, treatment and monitoring of patients, the medical world is opening itself up to hackers. And since many medical devices use commercial operating systems, they’re as vulnerable to hacker attacks as computers.

So much so that it’s now a major concern of the U.S. Department of Homeland Security (DHS).

Computerworld recently reported that DHS issued a bulletin warning that while new technology brings efficiency, lower costs and better patient care, it also carries security risks the healthcare industry may not be prepared for.

According to a 2011 survey by the Healthcare Information and Management Systems Society, the healthcare industry probably isn’t prepared. The study found that a quarter of hospitals who responded didn’t perform annual evaluations to determine patient data risks within their facilities. And most of the respondents reported only spending 3% or less of their IT budget on security.

DHS security recommendations

To secure medical devices, DHS recommends that hospitals:

  • buy only devices that IT can configure on its network
  • purchase vendor support for firmware, patching and anti-virus updates
  • maintain external-facing firewalls
  • deploy network monitoring and intrusion detection techniques
  • place devices whenever possible on separate segments of the network
  • implement strict access policies, and
  • use encryption and authentication at all ends of the communication channel.

Do you have any other devices for keeping your medical devices and patients safe? If so, share them in the comments box below.

Subscribe Today

Get the latest and greatest healthcare news and insights delivered to your inbox.