There are many benefits to having internet-connectedness and one such benefit is the ability to provide remote control to implanted medical devices such as pacemakers - adjusting these devices through the Internet of Things can avoid additional surgeries or other procedures that carry the risk of infection.

But remote control of such a sensitive piece of equipment can be a detriment. Anything connected to the Internet potentially is at risk of hacking — and when the device being hacked is a medical device, the risk could be fatal.

In view of these risks, United States Food and Drug Administration (FDA) drafted guidelines for building enhanced cybersecurity into the design and development of Internet connected medical devices. Recently the FDA released new recommendations that deal with maintaining the cybersecurity of medical devices after the devices have entered the marketplace.

Meanwhile, what can users do to protect themselves? Find out what information is stored on your device and how it is accessed. Also find out from the manufacturer what steps are they taking to protect your device from being hacked. If your device uses an open WiFi connection, you should change it to operate exclusively on a home network with a secured WiFi router. If your device is capable of transmitting data, make sure that the transmissions are encrypted.

A well-known medical device manufacturer had recently warned its insulin pump user about security issues that could allow hackers to deliver unauthorized doses of insulin.

The vulnerabilities were discovered by Jay Radcliffe, a security researcher at Rapid7 who is a Type I diabetic and user of said pump. The flaws primarily stem from a lack of encryption in the communication between the device's two parts: the insulin pump itself and the meter-remote that monitors blood sugar levels and remotely tells the pump how much insulin to administer.

The pump and the meter use a proprietary wireless management protocol through radio frequency communications that are not encrypted. This exposes the system to several attacks.

Passive attackers can snoop on the traffic and read the blood glucose results and insulin dosage data. Then, they can trivially spoof the meter to the pump because the key used to pair the two devices is transmitted in clear text.

"This vulnerability can be used to remotely dispense insulin and potentially cause the patient to have a hypoglycemic reaction."

IT security consulting firm Bishop Fox conducted a research on a specific Medical Heart Device from one of the world’s biggest maker of implantable cardiac devices and results showed that the cardiac devices had "serious security vulnerabilities" that could allow attackers to disable the devices or deliver electric shocks to patients.

The vulnerabilities included flaws in the encryption of the radio frequency protocol used by the developer as well as a backdoor to the devices that Bishop Fox said was "relatively easy to discover."

The report said the wireless communications in the cardiac devices are vulnerable to hacking, making it possible for hackers to convert the patient monitoring devices into "weapons" that can cause cardiac implants to stop providing care and deliver shocks to patients.

Bishop Fox said it conducted successful test attacks from 10 feet (3 meters) away, but that the range might be extended to as far as 100 feet (30 meters) with an antenna and a specialized device known as a software defined radio.

With the security flaws leave the life-saving devices vulnerable to attacks that could wipe out them out, cause them to malfunction or drain their batteries.

You have received this email because you are opted-in to receive information about HIMSS Asia Pacific membership and events. Want to control your email from HIMSS? Unsubscribe from emails.

If you have any questions or problems please contact us at [email protected]. HIMSS Asia Pacific, 3 Killiney Road, #04-04 Winsland House 1, Singapore 239519 Tel: (65) 6664 1100 Fax: (65) 6836 7728