The Hacker Hiding in Your Medical Device

Health insurance provider Anthem Inc. has fallen victim to a massive cyber attack. Hackers were able to access the personal information of about 80 million Anthem customers, data which included addresses, birth dates, and social security numbers. Following a year filled with high-profile cyber attacks, this latest breach should serve as a wakeup call, particularly as healthcare adopts more and more networked devices and wearables that collect patient data.

Technology for health-based wearable devices that are connected to monitoring networks is growing quickly. The technology ranges from sensors to analytical solutions that capture the data and connect it to health records. “You can wear something at home now that measures blood pressure, glucose, or your respiratory system,” Melissa Masters, director of electrical software and systems engineering at Battelle Memorial Institute, told Design News. “What we really need now is good integration between sensors, analytics, and people who know health.”

People “who know health” are a critical component of these devices. The Health Insurance Portability and Accountability Act (HIPAA) is very precise in how patient information can -- and can’t -- be distributed. “You have to have someone on the design team who understands HIPAA laws and understands privacy concerns,” said Masters. “The data that’s being passed back and forth is sensitive. You have to ask what the level of risk is if this data is lost or gets corrupted. Could it harm a patient and cause injury?”

What could be healthier than an Internet-connected medical device that delivers critical care or monitors the vitals of a patient? These devices have improved medical care, keeping patients alive and sending alerts when vitals go off the rails. Yet, like factory networks, the medical data in the ether is vulnerable to corruption or deliberate attack.

Just as the tech world has to be educated about healthcare privacy, the medical world has to be educated on cyber dangers. “You have to create requirements around security, such as encryption when you’re passing data from the device to the cloud,” said Masters.

Hack Attacks on Hospitals

While we haven’t seen hackers or malware interfering with individual devices, the healthcare industry is learning about cyber security the hard way. “I’m not aware of security issues that have occurred with a wearable device, but I’m aware of situations that have happened in hospitals,” said Masters. “A medical device brought into a hospital in Chicago contained malware and the malware traveled to all of the hospital systems that were connected. It brought down the hospital system for a week.”

The healthcare industry has become an attractive target for cyber criminals. The Identity Theft Resource Center has noted that healthcare data accounted for 43% of major data breaches reported in 2013 and it didn't slow in 2014. In the 2015 Security Predictions report from Websense Security Labs, it was noted that hackers see hospitals and other healthcare providers as attractive targets. They are a hub for loads of personal information that providers are required to collect and keep on patients. The data includes names, addresses, financial details, and insurance information.

Hospitals have become notoriously easy to hack. An article in Wired last summer presented details on hospital vulnerabilities, from the ability to remotely change drug dosages to erasing configuration settings in critical equipment. The article found that hospital administrators are often unaware of the dangers they face. “There have been breaches in large healthcare systems. We’ve seen the use of ransomware, where a hacker takes down the data and asks for a ransom to release it,” said Masters. “That’s happening across a lot of different systems, including hospital networks.”

The hack on Anthem was not the first of its type. In August of last year, Franklin, Tenn.-based hospital operator Community Health Systems (CHS) had 4.5 million patient records stolen from its hospital networks. The hackers were able to do so by exploiting a bug in a networked device within the hospital.

Full details of the Anthem hack are not yet known, but Bloomberg has reported that investigators are pointing to Chinese-sponsored hackers as the culprits. Chinese hackers have recently been linked to several high-profile thefts of medical-related data, including the CHS hack.

Masters will be part of a panel discussion during the Medical Design & Manufacturing West show, running Feb. 12-14 in Anaheim, Calif. The presentation, Designing Devices Toward Consumerization, Wireless Capabilities, and Wearable Technology, will take place on Feb. 10, from 10-11:45 am.

Design engineers and professionals, the West Coast’s most important design, innovation, and manufacturing event, Pacific Design & Manufacturing, is taking place in Anaheim, Feb. 10-12, 2015. A Design News event, Pacific Design & Manufacturing is your chance to meet qualified suppliers, get hands-on access to the latest technologies, be informed from a world-class conference program, and expand your network. (You might even meet a Design News editor.) Learn more about Pacific Design & Manufacturing here.

Rob Spiegel has covered automation and control for 15 years, 12 of them for Design News. Other topics he has covered include supply chain technology, alternative energy, and cyber security. For 10 years he was owner and publisher of the food magazine, Chile Pepper.
