Mobile health devices aren't as secure as you might think. Look at how researchers plan to strengthen security for consumer devices and regulated medical devices.
2 of 12
What Cheney Feared
One of the most famous recipients of a cardiac defibrillator, former Vice President Dick Cheney, was concerned enough about the risks of hacking that he and his doctor had the device's wireless capabilities deactivated when it was replaced in 2007.
His concern came to light in a 60 Minutes interview in October, when Cheney and his cardiologist, Dr. Jonathan Reiner, were promoting a book they wrote together. The writers of the Showtime drama Homeland might have caught wind of this. A December 2012 episode featured the assassination of a vice president by hacking his pacemaker and stopping his heart.
By all accounts, such hacks are still limited to fiction and the nightmares of academic cybersecurity researchers, who typically take care to say the benefits of devices like pacemakers far outweigh the risks. Still, Cheney was not necessarily being excessively paranoid. Medical devices are essentially a special case of the embedded systems that have been subject to state-sponsored attacks -- think of the purported use of Stuxnet against Iranian nuclear facilities.
"I absolutely think that's reasonable for the vice president of the most powerful country in the world, because those attacks, while theoretical, are very plausible," Jay Radcliffe of the Washington security consulting firm InGuardians, who has studied medical device vulnerabilities, told us. "Just like the VP doesn't get a normal car or a normal cellphone, to me, not having a normal pacemaker is right in line with those other things." For everyone else, he said, the risk of a malicious attack is minimal.
Healthcare Data Breaches Cost More Than You ThinkHealthcare providers just don't get it. They refuse to see the need to fully secure their protected health information from unauthorized users -- and from authorized users who abuse their access privileges. As a result, they don't allocate enough budgetary resources for securing medical data.