Can Hackers Hijack Medical Devices?

medical devices

Patients who rely on medical devices now have something more to worry about than just device malfunctions or defects.  In today’s digital age, patients now have to worry about hackers compromising their healthcare and safety.

At Drug and Device Watch, our goal is to make sure that patients and consumers have all the facts about the devices that they use.  As technology has advanced in recent years, so have the potential risks.  Now more than ever, it is important that consumers are aware of digital threats.

A Problem for Medical Devices in the Digital Age

In 2018, Health Management Concepts in Jupiter, FL was compromised by hackers.  The personal information of more than half a million people were placed at risk when the hackers demanded a ransom in exchange for releasing control of the system back to the company.  The hackers froze the patient network until they received their ransom.

Imagine all of the online devices in a large hospital unable to communicate with one another and healthcare providers.  The facility had no choice but to pay the ransom in order to get back into their network.  There was no time to do anything else.  Without access to their patients’ electronic files, lives were at stake.

Hospitals and other large medical businesses are desirable targets for hackers for three reasons:

  • Hackers know compromising patient safety will be met with urgency.
  • Hacker payoffs will be higher than spending effort hacking an individual or smaller business.
  • Medical businesses are vulnerable to attack.

Why the Healthcare Industry is Vulnerable

Medical testing machines like MRIs, as well as personal medical devices, are susceptible to hacking.  In this day and age, any device connected wirelessly to the internet can be hacked.  For the first time in history, most medical devices are online.  Devices such as defibrillators, insulin pumps, and pacemakers have transformed the lives of millions of patients, but the great technological leap forward seems to have come with an unexpected cost.

As technology continues to advance at such a rapid pace, device manufacturers struggle to protect the security of medical devices.  One reason medical devices are so vulnerable to cyber attack is the need for periodic software updates.

Think about how often your devices prompt you to update them.  Now imagine your smartphone is a medical device that helps keep someone alive.  A lot of hospitals and other medical institutions just don’t have the manpower or infrastructure to keep medical devices updated with the latest software.

Not only does missing an update put devices at risk of cyber attack, but outdated software can also cause the device to malfunction, further endangering an already fragile patient’s health.

Hacking Medical Devices Places Patients at Risk

Almost all patient information is stored electronically and shared via an internal network.  Medical devices need internet connections to upload data and advise the wearer accordingly.  Likewise, medical devices including ventilators, heart monitors, and surgical equipment in a hospital setting rely on data communicated over a network to function properly.

The sheer number of ways that patients can be harmed when this fragile web of electronic communication fails is mind-boggling.  Imagine a patient in the middle of a surgery whose surgeons must stop their work because of a cyber attack.  Without an experienced surgeon who would know how to save a patient without all the modern devices, that patient would surely die.

Even under less dramatic circumstances, patient safety is easily compromised due to the vulnerability of medical computer networks.  For instance, an interruption in testing machines, such as an ultrasound or MRI, could delay a doctor’s diagnosis and the patient’s subsequent treatment.

It’s unthinkable that anyone would endanger the lives of innocent patients for a financial payoff, but the large-scale breach in Florida last year is just one of 26 data breaches against medical facilities under investigation by the government.  Hospitals and medical facilities are not immune to the threat of hackers despite current policies and procedures.

What Could Happen if Your Medical Device is Hacked

Personal medical devices are also susceptible to cyber attacks.  It is crucial that you promptly install every software update available for your device, not only for cyber security but also to ensure your device continues to work properly.

If your device is hacked:

  • A hacker could encrypt the data until you pay a ransom, rendering the device useless.
  • Your personal information can be stolen and sold.
  • Your device may begin to malfunction or may fail to function when you need it to.
  • The hacker may change and manipulate the settings on the device.

Truly, if your personal medical device is hacked, your life could be at risk.  Patients should take care when using any sort of connected device to learn about the risks and what can be done to prevent digital intrusions.

What is Phishing?

Phishing is one of the main ways hackers get the information they need to break into secure networks.  A “phishing” email is one that falsely represents a company with whom you may have a connection.  For instance, a phishing email may say it is from your medical device manufacturer and ask for the password to your device management account.  You then unwittingly grant access to your account to someone with devious intentions.

Medical staff members also fall victim to phishing.  Sometimes, nurses or staff members release information about a hospital network to someone claiming they are a network administrator or a representative of a device company.  This opens the door for a cyber attack.  Most hospitals don’t train staff members or medical device techs on cyber security.  This is a vulnerability of which hackers are taking full advantage.

How Manufacturers Can Protect Patient Safety

First, medical device manufacturers can include the threat of cyber attack in the training materials used for their devices.  A lot of medical professionals and patients will leave a default password on devices.  Hackers know this, and they use it to breach device and network security.

In response to a guide recently published by the U.S.  Food and Drug Administration (FDA), medical device manufactures are scrambling to make changes to their products so that they can continue to market them with FDA approval. The federal agency identified a list of hardware and software components that are vulnerable to cyber attack, and manufacturers may no longer use these in their devices.

As manufacturers struggle to keep medical devices secure, hospitals are also lagging behind the curve.  To stay secure, large medical facilities must upgrade equipment.  Older machines are more vulnerable to attack, but many hospitals have not found upgrades of this nature to be a priority.

Has a Cyber Attack Impacted Your Medical Device?

Ultimately, hackers will continue to compromise medical devices and patient safety until manufacturers and hospitals take aggressive steps to safeguard networks.  These networks are essential to operating medical devices, monitoring use, and keeping patients alive.  Hospitals and other medical facilities also have a responsibility to protect patient information from cyber attack.

When medical device manufacturers, hospitals, or medical information companies fail to implement digital safeguards, patient lives and financial stability are placed at risk.  If you have suffered harm due to a data breach, speak with an attorney at Drug and Device Watch to learn about your legal rights.  You may have options for recovering financial losses caused by a digital attack.  Call Drug and Device Watch today at 1-888-458-6825 or submit our online contact form.