Telemedicine is coming to a hospital or medical office near you. What is telemedicine? Simply put, telemedicine is when the medical provider is in one location and the patient is in another. The medical professional uses telecommunication technology, often times via the internet, to provide medical care to the patient. Unfortunately, any time information travels across the internet, no conversation is complete without considering the security of the technology.
I just read an article about the use of a telerobot, allowing a physician to operate from a remote location using a robot at the patient’s bedside (http://lgl.kn/9a85d). The article highlighted how a hacking team from the University of Washington Department of Electrical Engineering and of Computer Science and Engineering found that they could hack into the robot’s computer systems and take control of the teleoperation. They could tell the robot to ignore, or change directions of the surgeon, or cause the robot to perform a harmful action.
Last week, in my e-newsletter, Data Protection Weekly, I included an article about a sensor the size of a grain of sand, which when swallowed will send data to your smart phone or tablet to be forwarded to your doctor (http://lgl.kn/9a85d). Imagine a hacker not only stealing this medical data as it travels across the internet, but changing the data before it reaches the physician. This could cause the physician to provide the wrong treatment to the patient, or reach an incorrect diagnosis, with potentially disasterous consequences.
These two (2) examples underscore the importance of security being built into “hijackable” medical devices. I can envision a hacker using a type of ransomware to not just hold data hostage, but hold the very operation of a medical device hostage, threatening the safety of the patient. Medical device manufacturers not only have to be concerned with the operation of the device so it performs as intended, but they have to design the device to protect patients from hackers.