The advancement of technology rolls on and, with it, the need to modernise the way we work in healthcare environments. But with these new technologies come new risks – so what should we be looking out for to ensure patients and their all-important personal data is safe in 2016?
‘Medjacking’ is a term coined to describe the use of malicious software (‘malware’) as a means to launch cyber attacks on healthcare systems. This is usually done by hackers placing malware on networked medical devices – giving them the ability to remotely control medical equipment.
Medical devices may be vulnerable to attacks on their security systems that are installed by the manufacturers. Some manufacturers, especially those with low budgets for cybersecurity, turn to open source code and libraries for security solutions. They may be using older, more exploitable code, with known vulnerabilities in their products.
Where security systems are managed solely by the manufacturer’s external technicians, healthcare providers are totally dependent on manufacturers to maintain security.
Cyber attacks on healthcare providers
Medical devices have emerged as a new target for cyber attacks. In a report published in June 2015, one cyber defence company reported a case at an unnamed hospital where hackers were able to plant malware in surgical blood gas analysers.
The hackers then used the equipment as a back door to find passwords throughout the hospital’s IT systems and leak sensitive information. Another case involved hackers creating a backdoor access point through a hospital’s X-ray system.
The information that healthcare providers hold is more valuable than payment card information held by retailers. Health organisations often have complete profiles of people including national insurance numbers and medical health information that is impossible to change in light of a data breach. Health data attacks give hackers the information they need to commit identity fraud and organisations are vulnerable if their security systems are not sufficiently robust.
The healthcare industry is now using ‘apps’ in the same way as the fitness industry, to track patient health and assist with treatment compliance.
This year has seen the launch of Apple’s ‘iWatch’, which is able to monitor heart rate, blood glucose, sweat and sleep patterns. Various other fitness bands offer a variety of options for capturing an individual’s key health data, and consultants are predicting that up to 75% of the global population will be expected to use devices like this in the future.
We are also moving into an era of ‘implantables’. Google’s smart contact lens has the potential to monitor a person’s glucose levels or other vital signs. Drug companies are working on implantable smart pills that work with Bluetooth to inform doctors and family members if a patient has taken his or her medicine.
The progression from remote health monitoring to health apps will see patients monitoring and assessing their own health issues and managing their own prescriptions, relying on applications to inform patients to take clinical action and make diagnoses.
A new generation of bionics that can connect wirelessly with the nervous system and enabling ‘feeling’ sensations is now available to patients in the UK. These devices are implanted directly into the nerve to process and transmit signals wirelessly to an external device.
A £1.4m UK research project lead by Newcastle University aims to develop novel electronic devices that connect to the forearm neural networks to allow two-way communications with the brain. This could allow the hand to communicate directly with the brain, sending back real-time information about temperature, pressure and shear force. A £5.3 million award from the Engineering and Physical Sciences Research Council will also be used to develop smart trousers, to help disabled and older people walk, and biosensors to monitor how patients use equipment or exercise during rehabilitation.
Where the data sent through such devices is not encrypted, there is greater potential for a hacker to intercept or even modify that data. The former poses a security risk, the latter a threat to human health.
Technology can provide many answers to the challenges faced by healthcare providers. It can provide new and effective treatments, where patients can be treated away from hospitals and surgeries, can reduce the scope for human error and can result in costs savings.
However, the increasing use of technology means that more and more data is being held by healthcare providers and the high value of that data means that they have become increasingly attractive targets for hackers.
The focus of technological development, therefore, needs to be as much on the security of the data obtained as on the effectiveness of the devices themselves. Whilst there have not been any reported UK data breaches involving cyber attacks against healthcare providers so far, healthcare providers should be prepared.