Networked “smart” devices are poised to revolutionize health care, from infusion pumps that provide essential safety checks for the medications they deliver to multimillion-dollar robots that allow for more precise surgery and Bluetooth-connected pacemakers. But with these new opportunities come new risks — especially in a vulnerable setting such as a hospital.
This was brought to the fore last spring when the WannaCry ransomware attack roiled the British National Health Service, going so far as to disable CT and MRI machines used for crucial diagnostic procedures. Another ransomware attack, called Bad Rabbit, recently started spreading around Eastern Europe with the potential for similar damage.
To date, malicious cyber attacks on medical devices have not caused serious harm to patients. The potential, however, is real. In a move that recalled a major plot point in a 2012 episode of “Homeland,” the Food and Drug Administration recently approved the recall of nearly 500,000 Abbott pacemakers to address the risk of patient harm due to exploitation of cybersecurity vulnerabilities.
While an attack scenario that targets these pacemakers is unlikely, sabotaged medical devices could easily throw the disjointed American health care system into disarray, potentially harming millions of people who rely on these devices. And given the high stakes of many medical procedures, the consequences of such attacks on networked devices could literally be lethal.
Physicians are often quick to embrace the latest high-tech tools, and it is no secret that technologically advanced hospitals can have a competitive advantage in attracting patients and recruiting talented staff. A recent industry survey found that more than 90 percent of health care information technology systems employ networked devices. Yet it also found that 70 percent of hospital information technology decision makers incorrectly believe that the same software security tools used to safeguard computers and servers work for these devices.
Even a superficial study of some of the risks of these connected devices reveals how poorly understood they really are and how easily they can be compromised.
Take robotic surgical systems. As a test, researchers at the University of Washington in 2015 hacked into and maliciously controlled the Raven II Surgical Robot, which can be operated from afar. While the possibility of an evil genius commandeering a robotic surgical system seems a bit far-fetched, malware reportedly slowed down fetal monitors used on women with high-risk pregnancies at one hospital.
There is no doubt that benefits of the “connected hospital” are substantial. Human error can be a major contributor to patient harms and could potentially be reduced by using smart devices, say to prevent the delivery of a harmful dose of medication. Faster information flow from these devices can provide vital information at a once-unimaginable rate. Smart devices can incorporate advanced monitoring and safety routines. And doctors can use networked technology to get real-time feedback on performance metrics: a surgeon, for example, could remotely observe and provide real-time guidance during an operation. What’s more, remotely operated robotic surgery systems could give patients lifesaving care in areas of the world where few surgeons are working. However, the fact remains that advanced devices come with advanced risks.
The FDA has recently begun to address the issue of cybersecurity in medical devices, and over the summer Congress began considering legislation to ensure that manufacturers make embedded systems conform to information security standards.
The challenges of securing devices in a health care setting are substantial. Unlike network-connected industrial systems and security cameras, many medical devices must be moved throughout the hospital and even, in the case of devices like pacemakers, taken home. This mobility makes it difficult to locate the device on the network, which makes monitoring for attacks more challenging. In addition, we rely on these devices to function safely and reliably in all situations. Since lifesaving devices must continue functioning despite a malware infection, responses to a detected infection must first focus on patient health, then on preventing an attack from spreading.
Another difficulty is that health care devices not currently in use may be needed at a moment’s notice, such as an emergency department’s CT machine. While software patches provide important security updates, they require the device to be out of use for the duration of the installation process. This means that the timing of an upgrade must be chosen carefully. Software systems can automatically install security updates over a network connection, relieving hospital personnel of the task, but these must be implemented with safeguards in place so as not to risk downtime when devices may be required.
These challenges are large but not insurmountable. Stakeholders are starting to support security improvements, and regulators are increasingly acknowledging these issues. For example, in response to concerns that installing security updates to devices would require companies to repeat the labor-intensive process of getting them re-approved, for example, the FDA recently took steps to reduce regulatory barriers around installing security patches.
That advanced medical devices bring with them advanced risk does not mean that we take connected devices offline or halt technological advances. There’s a tradeoff: If we wait for devices to be perfectly secure, we miss out on the benefits they would provide for patient care in the meantime. But as we become ever more reliant on networked high-tech medical devices, we need to recognize that protecting them from hackers is an essential part of making them reliable and safe.