There’s no denying digital healthcare is the wave of the future. Miniaturized sensors, wireless technology, and data analytics are able to provide real insights into what’s happening inside our bodies.
There’s more at work in this trend than just medical advancements. Worldwide cost pressures on healthcare systems from an aging global population are making digital healthcare the perfect solution in managing costs.
Forecasts are that it will become a very big business in the years ahead. PricewaterhouseCoopers believes that, by 2020, the market for digital health products and services will be a $61 billion business. That’s up one-third from 2015 levels.
But there is one major problem with the rise of connected healthcare. And that’s cyber attacks from unscrupulous people.
In 2015 alone, there were 253 breaches of medical information, covering 112 million health records.
Cyber Threat: From Fiction
And it goes further than just stealing sensitive patient data.
Hackers could do actual harm to patients. In an episode of Homeland, terrorists sabotaged the pacemaker of a U.S. vice president.
Just fiction, right? Not really.
Back in 2008, university researchers were able to reverse-engineer an implantable cardiac defibrillator’s communications protocol. In other words, it could be told to malfunction. And in 2012, the Government Accountability Office (GAO) had researchers take control of two medical devices with wireless capabilities.
So it doesn’t take much imagination to envision dire scenarios in today’s world.
To Real Life?
Hackers could access a hospital’s system (this has already happened numerous times) and find out which patients use critical devices to keep themselves alive. These could include anything from pacemakers to cardiac defibrillators to insulin dosage trackers. Through a hacked hospital’s computer system, hackers could gain access to all of these devices.
Then the cyber criminals could demand ransom from the hospital. And if not paid, the hackers could insert codes that would cause the devices to malfunction, killing patients. Or simply launch a denial-of-service attack that could cause the devices to malfunction.
The threat is real enough that, in January, the FDA issued recommendations on how medical device manufacturers can protect these devices against cyber security threats.
Suzanne Schwartz of the FDA’s Center for Devices and Radiological Health said the following in a press release from the FDA:
All medical devices that use software and are connected to hospital and healthcare organizations’ networks have vulnerabilities – some we can proactively protect against, while others require vigilant monitoring and timely remediation.
A Scary Future
The future healthcare environment is one where hospitals and patients will be completely reliant on electronic medical records that are integrated to control the medical devices people need to survive.
That opens the door to determined hackers who see a big payday via ransom. Or, even scarier, terrorist hackers just looking to cause a mass panic by randomly killing innocent people who rely on their medical devices.
Sadly, the bottom line is that today, as the FDA’s Schwartz said, “There is no such thing as a threat-proof medical device.”