In the News – Security and Safety of Medical Devices

As medical devices (especially embedded devices) become increasingly “smart,” equipped with wireless interfaces, and part of networked systems, the potential for malicious access that can compromise patients’ privacy and possibly endanger their lives is of growing concern. While ease of access to these devices can be vital for timely medical intervention, unsecured access is dangerous. The articles cited below address the need for balance between these two concerns of access and safety.

In a recent IEEE Spectrum podcast, security expert Kevin Fu voices his concern that manufacturers of pacemakers and other implanted devices have not paid enough attention to the security of their products.

An MIT Technology Review article points out a potential danger that exists in implanted devices, such as defibrillators, where a hacker might be able to remotely reprogram the device to cause it to fail to operate when needed. A solution is proposed for this which blocks reprogramming except when an external device, placed against the patient’s body, exchanges encrypted signals with the implanted device.

An IEEE Spectrum blog reports on a unique proposal for hiding confidential patient data in wireless data transmissions, using steganography (hiding messages in such a way that no one except the intended recipient suspects the presence of the message). The confidential information is embedded in an ECG signal, for instance, in a manner that does not distort the medical signal.

Finally, Deloitte has made available an Issue Brief on Networked Medical Device Cybersecurity and Patient Safety, which is based on a survey they conducted of Medical Device Security Leaders. It describes potential risks and FDA draft guidance on managing cybersecurity, and suggests a path forward.