October 11, 2016

Don’t Go Hacking My Heart: IoT in Healthcare

IoT in healthcare can save lives—but security challenges loom large.

In 2007, Vice President Dick Cheney had his implanted heart defibrillator replaced. Fearing that a terrorist could hack the device’s wireless feature and tamper with its functionality to assassinate Cheney, his cardiologist had the manufacturer disable wireless capability.

The incident highlights a key issue facing the medical equipment industry’s use of the Internet of Things. As more internet-enabled life-saving devices and monitoring equipment come into use, the opportunities for hackers increase—and the consequences could be deadly. The medical equipment industry, seemingly due to lack of focus on security, has been slow to combat this vulnerability.

What We’re Up Against

IoT can provide life-saving services and improve the quality of healthcare, but implementation challenges—and security is just one of them—abound. Device and system interoperability, safety regulation, privacy protection, Big Data analysis, and the danger of data overload are all critical issues. More than 70 million IoT-enabled healthcare devices will be adopted globally within the next few years, according to a report by Juniper Research.

Hackers have been able to infiltrate servers containing sensitive medical information by exploiting security backdoors after gaining access through connected devices. “Vulnerable medical device software, often running on machines using outdated operating systems, like Microsoft’s Windows XP, are a chronic problem within healthcare environments,” according to The Security Ledger. This means even “long forgotten” viruses can be effective hacking tools.

Regulation Frustration

Regulators to date have struggled to keep up with new IoT technology. “The FDA’s challenge is a tricky one: to draft regulations that are specific enough to matter yet general enough to outlast threats that mutate and adapt much faster than the products the agency must certify,” according to Bloomberg.

Device security is gaining more regulatory attention, though. In October 2014, the U.S. Food and Drug Administration finalized recommendations to device manufacturers for managing cybersecurity risks. More recently, officials at the U.S. Department of Health and Human Services said they are considering a bug bounty program to encourage white hat hackers to find vulnerabilities in medical device software.

Data Dump

While security is the most alarming issue, another pressing challenge is how to present medical professionals with the most relevant of the collected data without overwhelming them with extraneous information. As more devices come online, this big data analysis problem will grow. Turning the data stream into notifications and actions that best protect patient safety is another major task, notes a report by The Advisory Board Company.

“The actions/controls can be carried out semiautomatically or automatically depending on rules (e.g., the amount of human review and intervention may vary),” the report says. “Examples might include sending a warning to a physician that a patient’s condition is deteriorating, sending a patient a reminder to take his medication, or sending a command to a smart pump to increase the dose of medication.”

Many industries face similar security and big data analysis challenges as they adopt IoT, but in healthcare they seem particularly vexing. With pressure from the federal government to use more IT in an attempt to improve health outcomes, healthcare enterprises must tackle these problems now so that the promise of IoT can be realized.
