Medical devices that are controlled by computer software— from heart monitors and pacemakers to mammogram and X-ray machines—are new targets for computer viruses and malware. This could put patients at risk, although no injuries or deaths have been reported so far. A recent survey reveals some interesting facts:
- The global market for medical device technologies is expected to exceed $674 billion by 2022.
- Connected medical devices, also called Internet of Medical Things (IoMT), are becoming a key part of healthcare infrastructure, with the average hospital room containing nearly 15–20 of them.
- The number of IoMT devices in a hospital can be more than twice the number of traditional networked devices, such as laptops and smartphones.
- 18 percent of providers reported that their medical devices were affected by malware or ransomware.
The U.S. Food and Drug Administration (FDA) is warning the manufacturers of medical devices about the problem and is requesting them to review the parts of their security plans that are related to these devices when they seek approval from the government agency. In October 2016, Johnson & Johnson warned patients that use its insulin pumps to exercise caution, as it had learned of a security vulnerability that a hacker could exploit to overdose diabetic patients with insulin, although the risk is low. A Department of Veterans Affairs (VA) report has shown that 327 devices at VA hospitals have been infected by malware since 2009. In January 2010, a VA catheterization laboratory was temporarily closed due to infected computer equipment that is used to open blocked arteries. And in a case at a private Boston Hospital, computer viruses exposed sensitive patient data by sending it to outside servers. The increased applications of electronic record systems as a part of the 2009 stimulus package is adding to this risk. In addition to privacy issues, hackers can change patients’ medical records and treatment plans. If the system does not have a strong login access, some patients can access a system and alter their own medications, such as those taking narcotic substances. Hackers could use Shodan, a search engine for locating Internet-connected devices, using terms such as “radiology” and “X-ray.”
Manufacturers must improve the security features of these devices, making them more difficult for hackers to break into. And there needs to be close coordination between the manufacturers and healthcare providers to further enhance security. Also, hospitals and medical facilities must make sure that all the software running these devices is up-to-date and any updates have been installed. Finally, these devices must be blocked from Internet access.
Answer the following questions in a Microsoft® Word document and save the file on your computer with your last name in the file. (Example: module_05_case1_Jones.doc)
- What are three examples of devices that could be attacked by computer viruses?
- What are the risks related to using electronic health records in hospitals and medical facilities?
- What are three pieces of advice for reducing the risk associated with using these devices?