How to Protect Personal Information with Medical Devices
Ellen McCullough

Medical Devices May Allow a Backdoor for Attackers

Overview

Do you have a pacemaker? Have you had an MRI? Do you use a blood glucose meter that connects to your smartphone? If so, it is important to consider the security implications of using these devices in today's increasingly technology-connected world. It seems that just about every appliance we own these days has a tiny little computer with an Internet connection inside of it, from our toasters to our washing machines. These technologies allow us major conveniences such as adjusting the thermostat at home while on vacation or starting the car remotely so that it can warm up on a cold day. These same types of technologies are being used to help doctors and other healthcare professionals treat patients more effectively. Sometimes this is done when the devices, such as internal defibrillators, send important information wirelessly to the doctor. Other times the special equipment, such as an MRI, CT, or ultrasound, allows the doctor to see the inside of the patient without needing to resort to surgical procedures. The doctor can then see this imaging directly connected to the patient's chart.

You might be wondering how this type of attack can take place. Many of these smart devices reside on what is called the Internet of Things, or IoT. Among all of its benefits, the IoT has one glaring weakness: security. IoT devices are created to be an inexpensive, yet integral, part of our lives, but they are often not continuously patched for security vulnerabilities. This leaves them wide open to become victims of attacks like Trojans or ransomware. Additionally, many healthcare organizations still use outdated computer operating systems or may not update them in a timely manner (2). The use of operating systems, like Windows XP, that are no longer actively supported by their parent companies leaves the door wide open for attacks.

Why Does It Matter?

These types of devices can pose security risks in a variety of ways. Most often, the attackers that exploit these devices do not do any direct harm to patients, although the potential has been shown to exist in a theoretical setting (1). Instead, they use these devices to essentially hack into the internal network of the healthcare system. From there, they are able to access personal health information (PHI). This PHI is what identifies us as patients and typically includes sensitive information such as name, birthdate, address, phone number, insurance information, and medical conditions. Attackers will steal that information and sell it to other criminals or hold it for ransom to get money.

What Should I Do to Protect My Medical Devices?

So, what does this mean for you? If you own or wear a medical device that requires the use of a username and password, be sure to keep that information secure. This means not sharing it with others, routinely changing the password, and taking care to use a very strong password to protect your information. Strong passwords are those that have at least eight characters, a mix of uppercase and lowercase letters, and a number or symbol. Also, the FDA provides regulatory oversight for these devices (3). Writing to your Congresspeople to support laws that set specific security requirements for device manufacturers will also help to regulate this industry and keep everyone safe.

How to Protect Your Privacy as More Apps Harvest Your Data

A New York Times Personal Tech series article by Brian X. Chen

Retrieved by Health eConsultation

In this article from the New York Times, Brian X. Chen discusses some of the ways in which mobile apps that you download to your phone may be collecting and using your personal data without your knowledge.

One of the key takeaways is that there are ways to protect yourself, and tools that can help you figure out which apps are collecting your data and how to remove their ability to do so.

Stay Private: How to Hide Your Webcam, Mute Your Mic, and Turn Off Notifications

An article from Zapier

Nathan E Botts

One consideration as you gather and store more personal health information on your computer and devices is making sure that you are not inadvertently sharing this information (or some other aspect of your personal health) through your webcam or mic.

This article from Zapier outlines several different ways and some handy applications that can help you control this on your PC or Mac.

Determining the Value of Compromising Your Privacy

An article from Engadget

Nathan E Botts

This article from the Engadget web magazine discusses how your online searching behaviors might be monitored by different companies that you are unaware of. This data is likely used to build profiles that may impact the advertisements you see, credit ratings received, and other potential social network aspects not yet identified.

Sharing Sensitive Health Information: Protect Your Privacy and Improve Your Health

A guide from the Office of the National Coordinator for Health Information Technology

Nathan E Botts

This 2-page ONC-published graphic novel (aka comic book) is a short guide that helps illustrate why protecting your health privacy is important and what issues to consider when sharing sensitive health information.

What is Health eDefense?

Health eDefense is the act of protecting your personal health information. This not only protects your privacy, security, and safety, but also protects the data of your family, friends, and others in your community.

The Health eDefense platform is dedicated to providing consumers with actionable information on how to protect their personal health information effectively from cyber threats. Health eDefense provides informational content and education related to cyber security, privacy and consent, security, and related topics and policies such as HIPAA and GDPR.

Cyber security is impacting our daily lives, and our personal and protected health information is a target for hackers and criminals looking to make money off of our personal data. Your personal health data will always be about your health, demographics, social, lifestyle, financial history, and other related details. Once taken, they cannot be taken back.

We think the best cybersecurity tool is education and awareness, and we hope to provide users with tools and insight to protect themselves and their data better.