With so many every day devices connected to the internet, the risk of hacking is always there. But this is an even more serious threat for people who use medical IoT devices.
Here we’ll explain how medical IoT devices are vulnerable to hacking. Then we’ll tell you what steps you should take to keep your devices safe.
What Are Medical IoT Devices?
You may have heard of the Internet of Things (IoT), a term for gadgets and devices which are connected to the internet, often in the home. Think of smart kettles, smart bulbs, smart speakers, smart TVs, and so on. These devices connect to the internet to send you information via an app on your phone. Or they provide an interface for the internet so you can watch videos or listen to music.
An expanding field is medical IoT, which refers to Internet of Things devices related to healthcare. This includes devices for diabetic patients to monitor their glucose levels or dispense insulin, smart inhalers for asthmatics, some artificial pacemakers, and smart contact lenses. It even includes the Apple Watch which tracks health indicators like heart rate.
These devices help many people and are particularly useful for allowing doctors to monitor patients remotely. In the case of smart drug delivery devices, they can also make sure people get the right amount of medication they need on time.
Why Are These Devices at Risk From Hackers?
It’s a scary thought, but medical IoT devices are vulnerable to hackers. Cyber criminals can use the same techniques they use on phones and computers to access medical devices. In fact, in some ways IoT devices are more vulnerable because their security systems are often based on older hardware.
Hackers can potentially access any device which is connected to the internet. And the consequences of a life-essential medical IoT device like a pacemaker being hacked are extremely serious.
In mid-2019, a security issue with insulin pumps made by Medtronic arose. Thousands of the devices had to be recalled. And in 2017, the Food and Drug Administration announced that implantable cardiac devices from St. Jude Medical had serious security vulnerabilities, which had to be fixed with a software patch.
There has not yet been a reported case of someone being harmed by a hacked medical IoT device. But the possibility that it could happen in the future has both security experts and device users concerned.
General Security Tips for IoT Devices
There are steps you can take to make more medical IoT devices more secure. Firstly, you should follow standard advice for securing any kind of IoT device:
1. Change the Device’s Default Password
Always change the default password. Most IoT devices come with a default password like “password” or “0000” which makes them incredibly easy to access. Users often don’t think to change these passwords because they don’t realize how vulnerable they are. Whenever you get a new device which connects to the internet, find out if it has a password and change it to something only you know.
2. Update the Device’s Software Regularly
You also need to make sure that you update the device’s firmware regularly. Some devices will automatically update themselves, but not all have this function. It can be an annoyance to update software, but it’s essential to patch any security issues and to keep your device safe. Check with the manufacturer to see if there are updates you need to apply.
3. Turn off Automatic Connection to Wi-Fi Networks
Check your settings and don’t let your device automatically connect to available networks. If your device stays in your home and only connects to your home Wi-Fi, it’s probably fine. But what if your Wi-Fi network goes down, or you move the device to a new location? In that case, the device might detect an open network and automatically connect to it.
You need to be very careful when connecting to open networks, as hackers can use public Wi-Fi to steal your identity. They may be able to access data or manipulate your IoT devices as well.
Specific Security Tips for Medical IoT Devices
There are also specific steps you should take to keep your medical IoT devices safe:
1. Keep Your Device in a Safe Place
It’s a good idea to keep your device on you at all times. You want to make sure no one has the opportunity to interfere with your device in person as well as over the internet. This is best achieved by carrying your device with you or locking it away somewhere safe when it is not in use.
2. Be Careful Where You Plug in Your Device
Don’t ever plug your device into an unknown computer. When you connect your device to a computer, such as through USB, you enable the transfer of data between the two. Hackers could use this connection to interfere with your device and make it less secure. Avoid plugging your device into public computers in locations like libraries. Only connect it to computers you own and monitor yourself.
Also, be careful with charging stations. Sometimes, a charging station will be a simple USB cable and charger, and this can be used safely as it can’t be used to transfer data. But sometimes, a charging station will have a USB cable that goes into a hole or wall so you can’t see what the cable is connected to.
These cables could be connected to a computer, and plugging your device into them will give that computer access to your device which can be dangerous. If you aren’t absolutely sure about a charging station, don’t use it.
3. Keep up to Date on Security Issues
Check the website of your device manufacturer regularly to see if there are updates or security issues that you need to be aware of. And if your device is behaving strangely or you think someone may have accessed it, talk to your doctor as soon as possible.
What to Do If Your Medical IoT Device Has a Security Vulnerability
Look out for letters or emails from your device manufacturer about updates to your device. You should be extra careful if you hear that your device has a vulnerability. In addition to the steps above, follow these steps advised by the FDA:
- Don’t share the serial number of your device. If you ever take a photo which includes your device, make sure the serial number is not visible. This is particularly important for known vulnerabilities like the Medtronic Insulin Pumps, as hackers can use the serial number to access the device or find information about you.
- Disconnect devices from your computer when you are not downloading data or updating software. When you leave your device plugged in there is a chance that anyone who can access your computer could access your device as well. Minimize this risk by only plugging your device into your computer while you are in front of the computer yourself and unplugging it when you are done.
- Don’t let anyone else touch your device. This might sound paranoid, but it’s best to be extra careful with a device which is important for your health. Don’t allow other people to handle your device, and watch out if you have small children who might be curious and press buttons without knowing what they do.
Take Precautions to Keep Medical IoT Devices Secure
These tips will help make sure that your important medical IoT devices are as secure as they can be from hacking attempts.
While you’re here, you can also learn how to secure other IoT devices in your home with our tips for securing smart devices.