With so many every day devices connected to the internet, the risk of getting hacked is always there. But it would be much serious when it comes with people who use medical IoT devices. Now in this article we will explain how medical IoT devices are vulnerable to hacking and crafty hackers. Then we will tell you what steps you should take to protect the medical devices security.
What Are Medical IoT Devices?
You may have heard of the Internet of Things (IoT), a term for gadgets and devices which are connected to the internet, often in the home. Think of smart kettles, smart bulbs, smart speakers, smart TVs, and so on. These devices connect to the internet to send you information via an app on your phone. Or they provide an interface for the internet so you can watch videos or listen to music.
An expanding field is medical IoT, which refers to Internet of Things devices related to healthcare. This includes devices for diabetic patients to monitor their glucose levels or dispense insulin, smart inhalers for asthmatics, some artificial pacemakers, and smart contact lenses. It even includes the Apple Watch which tracks health indicators like heart rate.
These devices help many people and are particularly useful for allowing doctors to monitor patients remotely. In the case of smart drug delivery devices, they can also make sure people get the right amount of medication they need on time.
Why Medical Devices Security Is at Risk
It is a scary thought, but medical IoT devices security are vulnerable to hackers. Cyber criminals can use the same techniques they use on phones and computers to access medical devices. Actually, it should be noted that in some ways IoT devices are more vulnerable because their security systems are often based on older hardware.
Hackers can potentially access any device which is connected to the internet. And the consequences of a life-essential medical IoT device like a pacemaker being hacked are extremely serious.
In mid-2019, a security issue with insulin pumps made by Medtronic arose. Thousands of the devices had to be recalled. And in 2017, the Food and Drug Administration announced that implantable cardiac devices from St. Jude Medical had serious security vulnerabilities, which had to be fixed with a software patch.
There has not yet been a reported case of someone being harmed by a hacked medical IoT device. But the possibility that it could happen in the future has both security experts and device users concerned.
Medical IoT Devices Security Tips
There are some tips to take in order to maintain medical IoT devices security. Firstly, you should follow standard advice for securing any kind of IoT device:
1. Change the Default Password Regularly
Always change the default password. Most IoT devices come with a default password like “password” or “0000” which makes them incredibly easy to access. Users often don’t think to change these passwords because they don’t realize how vulnerable they are. Whenever you get a new device which connects to the internet, find out if it has a password and change it to something only you know. Try to create strong passwords which are unguessable or if you are worry about forgetting such passwords, you can make use of a password manager app to help you.
2. Always Keep the Device’s Software Up to Date
You also need to make sure that you update the device’s firmware regularly. Some devices will automatically update themselves, but not all have this function. It can be an annoyance to update software, but it is essential to patch any security issues and to keep your device safe. Check with the manufacturer to see if there are updates you need to apply.
3. Revoke Automatic Connection to Wi-Fi Networks
Check your settings and don’t let your device automatically connect to any available networks. If your device stays in your home and only connects to your home Wi-Fi, it’s probably fine. But what if your Wi-Fi network goes down, or you move the device to a new location? In that case, the device might detect an open network and automatically connect to it.
4. Keep Your Device in a Safe Place
It is a good idea to keep your device on you at all times. You want to make sure no one has the opportunity to interfere with your device in person as well as over the internet. This is best achieved by carrying your device with you or locking it away somewhere safe when it is not in use.
5. Don’t Plug in Your Device into Unknown Sources
Be careful where you plugin your device. Don’t plug your device into an unknown computer. When you connect your device to a computer, such as through USB, you enable the transfer of data between the two. Hackers could use this connection to interfere with your device and make it less secure. Avoid plugging your device into public computers in locations like libraries. Only connect it to computers you own and monitor yourself.
Also, be careful with charging stations. Sometimes, a charging station will be a simple USB cable and charger, and this can be used safely as it can’t be used to transfer data. But sometimes, a charging station will have a USB cable that goes into a hole or wall so you can’t see what the cable is connected to.
These cables could be connected to a computer, and plugging your device into them will give that computer access to your device which can be dangerous. If you aren’t absolutely sure about a charging station, don’t use it.
6. Regularly Update the Medical Device Security Issues
Check the website of your device manufacturer regularly to see if there are updates or security issues that you need to be aware of. And if your device is behaving strangely or you think someone may have accessed it, talk to your doctor as soon as possible.
Steps You Need to Consider When Medical IoT Devices Have Security Vulnerabilities
Look out for letters or emails from your device manufacturer about updates to your device. You should be extra careful if you hear that your device has a vulnerability. You need to follow these steps advised by the FDA in addition to the tips we have mentioned above:
- The serial number of your device shouldn’t be shared with others at all. If you ever take a photo which includes your device, make sure the serial number is not visible. This is particularly important for known vulnerabilities like the Medtronic Insulin Pumps, as hackers can use the serial number to access the device or find information about you.
- When you are not downloading data or updating software, disconnect devices from your computer. When you leave your device plugged in there is a chance that anyone who can access your computer could access your device as well. Minimize this risk by only plugging your device into your computer while you are in front of the computer yourself and unplugging it when you are done.
- Never allow others to touch your device. This might sound paranoid, but it is best to be extra careful with a device which is important for your health. Don’t allow other people to handle your device, and watch out if you have small children who might be curious and press buttons without knowing what they do.
The Bottom Line
All of the mentioned tips will help you be sure about your important medical IoT devices security and making them hack proof. With so many IoT devices these days, it would be some how difficult to take care of their security issues. Anyway, our cautiousness would be helpful to some extent.