Medical devices are an especially rich cybersecurity target for malicious activity by those seeking commercial gain or just trying to wreak havoc. And while data theft is a serious threat, the risks posed by hacks that involve the expanding universe of networked medical devices can be especially menacing.
In 2015, the FDA warned that a networked infusion pump was vulnerable to being accessed and controlled by unauthorized users. Concerned that attackers could harm patients by altering their medication dosing, the agency warned healthcare facilities to discontinue its use. Years earlier, before hacking of these devices was on most people’s radar, doctors for former Vice President Dick Cheney ordered that his heart defibrillator’s wireless capability be turned off to prevent the possibility of tampering by terrorists.
The motivation behind medtech hacking
Software-enabled devices have expanded exponentially and their function has evolved from one-way vendor monitoring to fully networked equipment with bi-directional connectivity. That has opened the door to wide-ranging exploitation of device data.
The most obvious motivation is mining data for information that can be used to target customers. A company that sells products and services to diabetics, for example, could benefit from locating patients who use insulin pumps. It may extend beyond patients to include family members: A genetic testing company might appeal to relatives of diabetics who are interested in knowing their own risk, or to purveyors of exercise equipment promoting the importance of fitness in diabetes prevention.
But there’s more than reaching consumers. If you’re considering building a hospital in a remote part of Africa, having access to data from patients’ devices in that region could help you decide whether to proceed. There are also many nefarious uses for stolen data. For example, a device maker could monitor the performance of its competitors’ products and use the information to modify its own offerings and exploit a competing product’s shortcomings in its marketing.