“You give me fever, fever all through the night": Hack attacks against wireless medical devices and the virtual patient

Presented at May Contain Hackers (MCH2022), July 23, 2022, noon (60 minutes)

Protect our patients from healthcare hacks! The increasing availability of telemetric medical devices has great potential to improve patient care. Yet, smart medical devices are hackable and previous case studies have described the life threatening implications of healthcare hacks. We invite you to a workshop run by doctors who are looking for your input on a series of commonly used telemetric medical technologies. Help us improve patient care by exploring potential vulnerabilities and solutions. Telemetric medical devices can enhance patient care by improving symptom detection and disease treatment through the delivery of timely and responsive interventions (e.g., wireless glucose monitoring devices for diabetic patients). Yet, the increasing adoption of wireless medical devices in healthcare settings and the consumer environment puts patients at risk of ‘healthcare hacks’. We present a number of wireless medical devices currently in use and ask you to consider the vulnerabilities of these technologies to hack attacks: 1. Diabetes glucose sensors 2. Hearing aids 3. Cardiac Monitors 4. Pain relief voltage devices 5. Virtual Patient Beds Each of these devices connect remotely to a monitoring device, exposing them to malicious digital manipulation. So far, two case studies have described the vulnerabilities of these systems. One report described the remote hijacking of an insulin pump and another described the manipulation of an implanted cardiac device [1-3]. Increasingly, research is describing the security and privacy risks of telemetric and implanted medical devices to patients. In particular, ‘closed loop’ systems that alter device settings based on real-time physiological signals do not require clinician or patient input, and are therefore particularly vulnerable to unnoticed manipulation. Without proper security, smart medical devices are breachable and can have life-threatening consequences for the patient. We invite you to our workshop to discuss, in short groups, the listed devices and their vulnerability to manipulation. As medical doctors, we will highlight the range of clinical syndromes which may arise from these hacks and will discuss how they may be recognised in clinical settings. Lastly, we will consider the vulnerability of the healthcare concept of ‘The Virtual Patient’. Due to high hospital occupancy following the COVID19 pandemic, ‘Virtual Beds’ - which allow physicians to monitor patients in the community - have been suggested as an alternative policy for relieving pressure from healthcare services. The management of the ‘virtual patient’ relies heavily on telemetry devices and medical database systems. We will discuss the vulnerability of the specific devices listed above, in addition to the wider concept of ‘virtual patient care’. Questions for workshop participants would include: (i) Vulnerabilities: How would you hack a smart medical device or what attacks is it likely to encounter? (ii) Defense: What are device vulnerabilities and what options could improve the security of these devices? (iii) Ethics: What are the arguments for and against these devices being used in healthcare? [1] Denning, Tamara, et al. ‘Neurosecurity: Security and Privacy for Neural Devices’. Neurosurgical Focus, vol. 27, no. 1, July 2009, p. E7. thejns.org, https://doi.org/10.3171/2009.4.FOCUS0985. [2] Camara, Carmen, et al. ‘Security and Privacy Issues in Implantable Medical Devices: A Comprehensive Survey’. Journal of Biomedical Informatics, vol. 55, June 2015, pp. 272–89. PubMed, https://doi.org/10.1016/j.jbi.2015.04.007 [3] Li, Chunxiao, et al. ‘Hijacking an Insulin Pump: Security Attacks and Defenses for a Diabetes Therapy System’. 2011 IEEE 13th International Conference on E-Health Networking, Applications and Services, 2011, pp. 150–56. IEEE Xplore, https://doi.org/10.1109/HEALTH.2011.6026732.

Presenters:

• Isabel Straw
  Isabel specialises in the intersection of Artificial Intelligence (AI), clinical medicine and healthcare inequalities. She works part-time as an emergency doctor in addition to pursuing her PhD which focuses on supervised and unsupervised machine learning methods for bias mitigation in medical algorithms. She has experience in international settings both in her clinical work, and in policy settings at the United Nations. Clinically, she has worked in humanitarian and conflict areas in adult and paediatric emergency medicine. In international policy settings she has focused on the ethics of neurotechnology, artificial intelligence, reproductive technology and the impact of climate change on human civilisation. Her interests include AI and neurotechnology, healthcare disparities, global health, and gender-based violence. She has published work that highlights bias in medical algorithms, the role of AI in psychiatry, and the impact of technology on healthcare inequalities and gender-based abuse.

Links:

• https://program.mch2022.org/mch2021-2020/talk/EUMTS7/

Similar Presentations:

• DerbyCon 8.0 Evolution (2018) / Abusing IoT Medical Devices For Your Precious Health Records
• Black Hat Europe 2017 / Breaking Bad: Stealing Patient Data Through Medical Devices
• May Contain Hackers (MCH2022) / Can’t get you out of my head: Telemetric hacking of medical deep brain stimulators