Healthcare // Security & Privacy
News
12/12/2013
08:36 AM
David F Carr
David F Carr
Slideshows
Connect Directly
LinkedIn
Google+
Twitter
RSS
E-Mail

Hackers Outsmart Pacemakers, Fitbits: Worried Yet?

Mobile health devices aren't as secure as you might think. Look at how researchers plan to strengthen security for consumer devices and regulated medical devices.
3 of 12

Pumping Up The Danger
Radcliffe's most notable contribution to the literature on medical device risks was a demonstration of how to hack an insulin pump wirelessly at the 2011 Black Hat conference. He's a diabetic, so he takes seriously the risk of reprogramming a pump to deliver a dangerously high dose of insulin. Though he tries to avoid being an alarmist, 'my biggest fear as a researcher is that people are going to say, 'Oh, nobody's going to die from this, so we shouldn't worry about it,'' he told us. If left unaddressed, the risks could turn real. That makes it important to 'push forward to try to make these devices safer for everybody.'
Recently, Radcliffe highlighted how easily a simple reset of his current insulin pump could cause it to 'forget' how much insulin it previously pumped into his body, resulting in an excessive dose. This wasn't the result of a hack -- he found it to be a danger after he changed the battery -- but it hints at broader problems with the embedded software's fragility.

Radcliffe's most notable contribution to the literature on medical device risks was a demonstration of how to hack an insulin pump wirelessly at the 2011 Black Hat conference. He's a diabetic, so he takes seriously the risk of reprogramming a pump to deliver a dangerously high dose of insulin. Though he tries to avoid being an alarmist, "my biggest fear as a researcher is that people are going to say, 'Oh, nobody's going to die from this, so we shouldn't worry about it,'" he told us. If left unaddressed, the risks could turn real. That makes it important to "push forward to try to make these devices safer for everybody."

Recently, Radcliffe highlighted how easily a simple reset of his current insulin pump could cause it to "forget" how much insulin it previously pumped into his body, resulting in an excessive dose. This wasn't the result of a hack -- he found it to be a danger after he changed the battery -- but it hints at broader problems with the embedded software's fragility.

3 of 12
Comment  | 
Print  | 
Comments
Oldest First  |  Newest First  |  Threaded View
RobPreston
50%
50%
RobPreston,
User Rank: Author
12/12/2013 | 9:52:24 AM
Oh my
I'm a tad more worried about hackers messing with pacemakers than with Fitbits. Nonetheless, this is beyond wrong.
David F. Carr
100%
0%
David F. Carr,
User Rank: Author
12/12/2013 | 10:05:18 AM
Sooner or later ...
The cybersecurity researchers are trying to raise enough of an alarm to change things, without being alarmist. Yet I have to wonder how long it will be before a real hack of someone's pacemaker comes to light, or some other life critical incident occurs.

Or is this really too far-fetched? Granted, there are easier ways to kill someone.
Laurianne
100%
0%
Laurianne,
User Rank: Author
12/12/2013 | 1:05:40 PM
No thanks to that network
Human bodies with a network of implanted medical devices? No thank you. I prefer to remain my own network administrator.
MedicalQuack
50%
50%
MedicalQuack,
User Rank: Moderator
12/12/2013 | 2:47:38 PM
Privacy too
I'm a privacy advocate and that along with security are two big issues for me.  The data selling epidemic in the US is so bad as you have the likes of Walgreens making about a billion a year selling data and Fitbit's model is built around selling data profiles...have a campaign for the FTC to license and excise tax all data sellers so they can regulate it.  Can't do that until we have an index..that would be a license.

Oh wellness companies owned by insurance companies love to get a hold of data like this and it will end up in some analytics program to fix you in some fasion or another or potentially in time to deny access to something or someone.

http://ducknetweb.blogspot.com/2013/08/ftc-tries-to-bring-strong-case-for.html


I am all over the FTC all the time about this.  There's a new "open" device out there which would allow one to choose their platform to use with it and that in time may be a plus as it would be out there for everyone to jump and fix flaws, security or otherwise. 
Healthcare Data Breaches Cost More Than You Think
Healthcare Data Breaches Cost More Than You Think
Healthcare providers just don't get it. They refuse to see the need to fully secure their protected health information from unauthorized users -- and from authorized users who abuse their access privileges. As a result, they don't allocate enough budgetary resources for securing medical data.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - July 22, 2014
Sophisticated attacks demand real-time risk management and continuous monitoring. Here's how federal agencies are meeting that challenge.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
A UBM Tech Radio episode on the changing economics of Flash storage used in data tiering -- sponsored by Dell.
Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.