However, with this newfound connectivity comes a new concern: cybersecurity threats. What happens when a malicious party hacks a medical device? This risk could potentially result in patient casualties, making it a matter of the utmost importance for healthcare facilities and medical device manufacturers. Once equipment is connected, it’s now at a newfound risk of interception and tampering.
The Animas OneTouch Ping: A Cautionary Tale
The Animas OneTouch Ping is a great example of a new IoT innovation in medical equipment. This two-part system has a blood glucose meter that communicates wirelessly with an insulin pump up to ten feet away, using a proprietary management protocol in the 900 MHz band. The OneTouch Ping makes it easier for diabetic patients to get the right amount of insulin, but it was recently discovered that the device has several problematic security vulnerabilities.
- Cleartext communications. The OneTouch Ping’s pump and remote communicate in cleartext, rather than being encrypted. This means that data about blood glucose and insulin levels could potentially be accessed by third parties.
- Weak pairing. During setup, the device pairs with the remote, preventing the pump from accidentally picking up commands from a different nearby OneTouch remote. This process uses a 5-packet cleartext exchange of serial numbers and other information, generating a “key.” The packets are identical each time the two components are paired, and there is no encryption. Theoretically, a hacker could detect the key and spoof either of the two components, which they could use to remotely dispense insulin and send the patient into a hypoglycemic reaction.
- No defenses against replay attacks. When the pump and remote communicate, they do not use timestamps, sequence numbers, or other safeguards against replay attacks. An attacker could actually capture the remote transmissions and play them again later on at an inappropriate time, sending the patient into a hypoglycemic crisis.
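As an added example (not from the original article and not the vendor's code), the following Python sketch shows the receiver-side checks that the three weaknesses above call for: a per-pairing secret instead of a static cleartext exchange, a keyed MAC so a spoofed or tampered command is rejected, and a monotonic sequence number so a captured frame cannot be replayed. The frame layout, opcodes and class names are assumptions made for illustration.

```python
import hmac
import hashlib
import os
import struct

# Constructed frame layout for this example (not the OneTouch Ping's real protocol):
#   4-byte big-endian sequence number | 1-byte opcode | 2-byte dose (0.1 U units)
#   followed by a 32-byte HMAC-SHA256 tag over those 7 bytes.
BODY_FMT = ">IBH"
BODY_LEN = struct.calcsize(BODY_FMT)
TAG_LEN = 32


class Remote:
    """Hypothetical meter/remote side: authenticates each command with a fresh counter."""

    def __init__(self, pair_key: bytes):
        self.key = pair_key
        self.seq = 0  # strictly increasing; never reused for this pairing

    def build(self, opcode: int, dose_tenths: int) -> bytes:
        self.seq += 1
        body = struct.pack(BODY_FMT, self.seq, opcode, dose_tenths)
        return body + hmac.new(self.key, body, hashlib.sha256).digest()


class PumpReceiver:
    """Hypothetical pump side: rejects malformed, forged, tampered and replayed frames."""

    def __init__(self, pair_key: bytes):
        self.key = pair_key
        self.last_seq = 0  # highest sequence number already acted on

    def accept(self, frame: bytes):
        if len(frame) != BODY_LEN + TAG_LEN:
            return (False, "malformed")
        body, tag = frame[:BODY_LEN], frame[BODY_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):  # constant-time comparison
            return (False, "bad tag")  # spoofed or tampered command
        seq, opcode, dose_tenths = struct.unpack(BODY_FMT, body)
        if seq <= self.last_seq:
            return (False, "replay")  # old frame played back later
        self.last_seq = seq
        return (True, (opcode, dose_tenths))


def demo():
    key = os.urandom(32)  # per-pairing secret, established out of band (constructed here)
    remote, pump = Remote(key), PumpReceiver(key)
    bolus = remote.build(0x01, 25)  # opcode 1 = bolus, 2.5 U (constructed values)
    first = pump.accept(bolus)
    replayed = pump.accept(bolus)  # same capture sent again
    tampered = bolus[:5] + struct.pack(">H", 250) + bolus[BODY_LEN:]  # dose changed to 25 U
    forged = pump.accept(tampered)
    second = pump.accept(remote.build(0x01, 10))
    return first, replayed, forged, second
```

A counter alone does not stop an attacker from holding a captured frame and delivering it before the next legitimate one; a timestamp window or a pump-issued challenge is needed to bound that delay.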
This is just one example of a device that could potentially be hacked, causing serious harm to the patient. While such an attack would need to be relatively sophisticated, and the attacker would need to be within ten meters of the patient, such an occurrence is still within the realm of possibility.
Keeping IoT Medical Devices Secure
The vulnerabilities in the Animas OneTouch Ping underscore the growing concerns about IoT medical devices that aren’t designed with adequate security measures in place. As connected devices enter the mainstream and become more widely used, it’s important for manufacturers to implement security protocols that prevent such attacks.
The following is a risk-based security framework for healthcare organizations, originally put forth by Forrester Research.
- Categorize existing devices by risk.
- Implement clinical risk management frameworks.
- Make sure everyone within a healthcare organization takes basic security measures.
- Define security requirements for new devices.
- Adopt a zero trust networking architecture.
Once a device becomes part of the “Internet of Things,” it’s at risk of being accessed remotely by unauthorized persons. As these technologies continue to become standard and widespread, it’s essential that both device manufacturers and healthcare organizations remain vigilant about potential security risks.