IoT Medical Devices: Our Scariest Security Threat Yet
February 01, 2018
Beth Kindig
Lead Tech Analyst
IoT medical devices may be our scariest security threat yet. Implanted devices such as pacemakers draw big headlines for security threats. However, there are 36,000 other health-care related devices in the United States that are discoverable on the connected device search engine Shodan – which doesn’t even take into account the global level of unprotected devices (source: Wired).
In fact, U.S. hospitals have an average of ten to 15 connected IoT medical devices per bed with some hospitals registering 5,000 beds (or 50,000 connected devices). Therefore, the magnitude of the risks associated with these medical IoT devices is a gripping proposition.
Most hacks will not be a life or death situation, although a few exposed vulnerabilities could be potentially fatal, such as with Johnson & Johnson’s insulin pumps, which could potentially administer a fatal dose of insulin, or the Animas OneTouch Ping with a vulnerable wireless controller. The most common hack is for medical records, which can be sold on a Dark Web aftermarket with a value of $500 per Medicare or Medicaid record [2] . As The Hill reports, tens of millions of electronic health records have been compromised over the last few years, whereas there has not been a single implant device death or documented patient harm, according to Zach Rothstein, associated vice president of the Advanced Medical Technology Association. In 2015 over 113 million personal health records were compromised, up 9x from 2014, according to the Department of Health and Human Services (DHS).
While medical record theft and device hacks are well documented, there are many reasons hackers target the vast array of medical devices on the market. Ransomware is the practice of taking over a mobile app until a ransom is paid. A similar exploit can be performed on hospitals by entering a weak point, such as unsecured wireless connections, to access the system and take it over for a ransom. For instance, the Los Angeles Hollywood Medical Center had to pay hackers $17,000 to regain control of critical computer systems [3] . A similar attack also occurred in Mount Pleasant, Texas, where a hospital had its core electronic medical system knocked offline until a ransom was paid. According to those in the security industry, while ransomware attacks are prevalent, they are rarely made public for a variety of reasons.
Other reasons hacks that can occur include changing medical records for allergies or diagnoses. There is at least one case where medical devices were hacked to disseminate information and change stock prices, such as with Muddy Waters, a short selling firm that hired a boutique cybersecurity firm to conduct test attacks on a St. Jude’s pacemaker from 10 feet (3 meters) away, but up to 100 feet with an antenna and software defined radio, according to Reuters.
Medical devices extend beyond healthcare facilities and now overlap with mobile apps, as well. Last year, the Medicines and Healthcare products Regulatory Agency (MHRA) has issued updated guidance today to help identify health apps that are medical devices – and how to secure these mobile vulnerabilities. The apps that are of concern gather data from either the person or a diagnostic device, collecting information such as heartbeat or blood glucose levels, and then interpret the data to make a diagnosis, or to recommend treatment4 . As the MRHA director of medical devices says, “We live in an increasingly digital world, both healthcare professionals, patients and the public use software and stand-alone apps to aid diagnosis and monitor health.” There are also many apps connected to medical devices, providing another entry point for hackers.
“Mobile apps are unleashing amazing creativity,” Bakul Patel said from the FDA’s Center for Devices and Radiological Health. “At the same time, we have set risk-based priorities and are focusing FDA’s oversight on mobile apps that are devices for which safety and effectiveness are critical.”
This article first appeared on Intertrust.com
To learn more on how to protect IoT Medical Devices and how Intertrust drives advancements in healthcare with secure data collaborations, data privacy and security, contact sales@whitecryption.com
SOURCES:
[1] WIRED, Medical Devices Next Security Nightmare
[2] NextGov, This Is the Real Threat Posed by Hacked Medical Devices at VA
[3] NYTimes, Los Angeles Hackers Pay $17,000 After Attack
Gains of up to 2,390% from our Free Newsletter.
Here are sample stock gains from the I/O Fund’s newsletter --- produced weekly and all for free!
+2,390% on Nvidia
+450% on Bitcoin
*as of Jun 25, 2024
Our newsletter provides an edge in the world’s most valuable industry – technology. Due to the enormous gains from this particular industry, we think it’s essential that every stock investor have a credible source who specializes in tech. Subscribe for Free Weekly Analysis on the Best Tech Stocks.
If you are a more serious investor, we have a premium service that offers lower entries and real-time trade alerts. Sample returns on the premium site include 3,900% on Nvidia, 850% on Chainlink, and 695% on Bitcoin. The I/O Fund is audited annually to prove it’s one of the best-performing Funds on the market, with returns that beat Wall Street funds.
More To Explore
Newsletter
Mag 7 Stocks Should See One More High
Optimism around the Fed could spark a continuation of the relief rally in the Russell 2000 and further rotation out of the Mag 7. Below, we look at the pros and cons of a Mag 7 rotation and how we pla
Palantir’s Stock Is Priced For Perfection
Heading into 2024, Palantir was exhibiting “multiple signs of acceleration” stemming from strong growth in its US commercial segment, driven by AIP, Palantir’s Artificial Intelligence Platform that le
Tesla’s Q2 Deliveries Strong, But What’s To Come?
After months of being the lowest performing Mag 7 stocks, Tesla saw rapid gains — up 42% in a one month rally, with 37% of those gains in eight sessions — after it reported Q2 deliveries ahead of expe
How to Participate in Tech: The Million Dollar Question (Video Highlights)
With audited returns of 131% since inception, compared to the NASDAQ-100’s 82%, portfolio manager, Knox Ridley, lays out how we have successfully maintained an overexposure to the right tech stocks, w
This AI Stock Could Outpace Nvidia’s Returns by 2030
Lead Tech Analyst and CEO Beth Kindig recently joined Real Vision’s Nico Brugge to discuss her AI outlook on leading AI stock Nvidia, while sharing which AI stock she believes may outpace Nvidia’s ret
AI PC Stocks: Emerging 2024 And 2025 Story
Currently, there is a major bottleneck right now for AI applications to where client devices are not powerful enough or energy efficient enough to leverage AI capabilities at the edge.
AI Power Consumption: Rapidly Becoming Mission-Critical
Big Tech is spending tens of billions quarterly on AI accelerators, which has led to an exponential increase in power consumption. Over the past few months, multiple forecasts and data points reveal s
With Bitcoin at All-Time Highs, Here’s What’s Next for COIN, HOOD
Bitcoin and the spot BTC ETFs have clearly seen strong investor appetite since the approval in the beginning of the year. Alongside strong initial adoption of the new ETF class, we’re also seeing majo
Here's Why Nvidia Stock Will Reach $10 Trillion Market Cap By 2030
I believe Nvidia can achieve an astonishing $10 trillion market cap by 2030. As you’ll see from the key points to my thesis, there is a bull case where a $10T market cap estimate in a little over six
Taiwan Semiconductor Stock: April Sales Soar From Advanced Nodes
Despite warning of a slowdown in the broader semiconductor industry this year, TSMC’s April sales surged 60% YoY and 21% MoM. This marks a positive start to the 20-percentage point acceleration to 33%