Medical devices have cyber security flaws which, when exploited by hackers, can cause serious concerns. Recently, Johnson & Johnson (J&J) discovered that its OneTouch Insulin pump has a cyber security defect through which hackers can remotely reprogram the device in such a way that it alerts users to additional doses of the diabetes drug. This could be a life-threatening issue.
Last week, the company sent a letter setting out the above details to all patients using OneTouch. To patients' relief, the letter stated that the probability of unauthorized access to the Insulin checking pump was low, as it required technical expertise and sophistication to tweak the regular settings of the pump.
Currently, J&J is working to eliminate the security flaw from the pump and in the meantime has asked patients to follow a series of steps to reduce the risk or isolate the device from any kind of cyber threat. The company has asked patients using the device to turn off the Wi-Fi connection of the pump to a blood sugar meter. If that is not possible, it is asking patients to set a limit on the amount of Insulin that can be delivered.
The latest announcement is a reminder that medical devices, which are widely used by both providers and patients, are, as IoT devices, vulnerable to cyber criminals.
The fact that medical devices are more prone to cyber attacks was discovered a couple of years ago.
The FBI, in a report issued in 2014, said that medical devices, especially those which are networked and use wearable sensors, are more prone to cyber threats and can prove fatal to an entire healthcare network database, as they can serve as easy entry points to intruders.
The Federal Bureau of Investigation has also admitted that, if ignored, all such medical devices which are prone to cyber threats can act as access points, compromising the data security of healthcare organizations.
The FBI report of 2014 lists the following set of medical devices which are vulnerable to cyber threats:
a.) Infusion pumps
b.) X-Ray scanners
c.) Blood gas analyzers
d.) Medical imaging devices such as lasers
e.) Life support equipment like ventilators
As these devices are expensive and last long, providers usually use them for a period of, say, 5, 10 or even 15 years. Thus, the software running on these devices remains old and is usually not updated. Hence, the absence of the latest version of cyber defense software makes the entire device vulnerable to the malware prevailing in today’s world.
Last year, in 2015, the Food and Drug Administration alerted users of the Hospira Symbiq Infusion System about the vulnerabilities and asked healthcare facilities to ban the use of the pumps in their agencies.
Security experts think that most medical devices used in healthcare organizations can act as soft targets for hackers with basic knowledge.
Medical device manufacturers are now working hard to make their devices hack proof. But they say that they need coordinated support from other industry players as well.