Next-Gen healthcare devices are changing preventive care as well as how people are diagnosed and treated. However, there are multiple flaws when using devices that connect to other services through protocols such as Wi-Fi and Bluetooth as part of the Internet of Medical Things. As such, many of the most commonly used devices are vulnerable to attack and hostile takeover, from outdated legacy OS systems to the remote takeover of surgical robotics.
Insulin Pump “Man in the Middle” Attacks
A “man in the middle” attack is one of the most common intrusions into a system. Essentially, a hacker places themselves between the user and an app. This can help them either eavesdrop to scrape data or impersonate one party. This is one of the main reasons clinics are exploring greater cybersecurity for medical technology, as continuous glucose monitors are among the most widely exploited since they use Bluetooth to communicate with devices such as phones.
Imaging Systems Using a Legacy OS
MRI and CT scanners are not new machines and have been around for decades. As such, their built-in OS systems are vulnerable to attack if they haven’t been updated, which most have not. However, even relatively new models running an OS like Windows 10 will not receive updates and security patches, leaving them wide open for hackers, with the cost of replacement blocking clinics from buying new devices, of which around 83% are running outdated operating systems.
Next-Gen Healthcare Devices and Risky AI
Some of the most interesting developments in AI are in healthcare devices. However, it can go wrong, and it is believed that 95% of failures are due to human misconfiguration. This includes adversarial AI, where AI is fed slightly altered data that is very hard to spot by humans, resulting in a false diagnosis, which leads to wrong dosage and treatment. The implications of this kind of intrusion place AI devices among some of the riskiest from a health perspective.
Remote Takeovers of Surgical Robotics
One of the most concerning vulnerabilities of modern medical devices is the remote hijacking of surgical robots. In one study, the University of Washington was able to successfully hack a next-generation robot used for telesurgery and control it remotely. In a real-world scenario, a malicious hacker could manipulate commands that can subtly delay the actions of a robotic assistant during surgery, which could have devastating consequences during a procedure.
Organizing An Army of Botnets
DDoS (Distributed Denial of Service) attacks are the most common disruptions to a network and online system, and it is reported that the healthcare industry alone experiences over 820,000 attacks per day that could result in a devastating DDoS outage. While IoMT devices like smart beds don’t have the power to facilitate attacks, they can be organised into a botnet that combines their power, which could be used to launch a massive DDoS attack on a hospital.
Summary
A “Man in the Middle” attack from the interception of communication between a device such as an insulin pump and a smartphone is one example of how next-gen healthcare devices can be hacked. Systems that use AI can also be subtly manipulated, which can result in the wrong care, and hackers could organize individual devices into an army for a huge DDoS attack.
