Security threats of connected medical devices

With 30 million people walking around with high-tech medical devices on them, Gary Newe, technical director F5 Networks, discusses just how safe they are

We have witnessed an exponential rise of smart devices over recent years as cloud computing and the internet connects consumers to information anytime and anywhere. However, the world of technology moves quickly and we are already observing the emergence of a new kind of portable device that can be worn on the body.

It is clear that the race is on for medical devices, with tech giants clearly competing to get a slice of the action. Apple recently launched its new HealthKit application - a multi-purposing, data-aggregating hub for health and wellness data from multiple platforms, sensors and partners. Google also wasn't far behind with its Google Fit platform, which is also questing for an integrated, networked approach to diagnostics by getting wearables and other data-yielding devices to engage in constructive dialogue.

These are, of course, just the latest - albeit among the most compelling - additions to the Internet of Things' (IoT) sprawling and interconnected hospital wing. Hardly a day goes by without arrays of shiny new kit coming online; recent solutions gaining the "smart" prefix include everything from diapers and insulin monitors to sensors tracking whether medication is adequately ingested and absorbed.

The big hope for healthcare providers worldwide is that hospitals stand to benefit from an operational efficiency shot in the arm with IoT as an ally on the ward.

Remote monitoring and support can slash critical equipment downtime, real-time monitoring ensures supplies never run out or are over-supplied, and doctors can schedule their time with unprecedented precision. And these are just the tip of the iceberg, with the benefits from being able to more accurately monitor patients opening up a whole new era of predictive and more effective healthcare.

But there are also reasons to be cautious and for providers to ensure they have patient safety at the forefront of any developments. The US Food and Drug Administration is on the ball, recognising 25 standards that collectively help support medical-device interoperability and cyber security in late 2013. It is an astute move: a recent PricewaterhouseCoopers study highlighted a $30bn annual cost hit to the US healthcare system due to inadequate medical-device interoperability.

The Department of Homeland Security is also investigating two dozen cases of suspected cyber security flaws in medical devices that officials fear could be exploited by hackers. The ability to control these medical devices can be detrimental to the patient, creating problems such as instructing an infusion pump to overdose a patient with drugs, or forcing a heart implant to deliver a deadly jolt of electricity.

As the healthcare sector seeks to jump on the IoT bandwagon in earnest, it will inevitably have to steel itself for new dimensions in real-time data security. Cloud and smart device adoption will require massive shifts in accountability and policy development, and the flow of data has to be rapid, robust and secure.

Medical device manufacturers will need to work with security experts to protect data and other vulnerabilities that hackers can use to expose confidential data. This begins with the data centre and keeping medical data stored there secure and encrypted. The healthcare industry already has to adhere to stringent regulatory requirements so working with the right security vendor is of utmost importance.

While the transformational journey may seem daunting in scale, the IoT's burgeoning healthcare compatibility represents a thrilling and powerfully humanised convergence of technologies. Where we once only monitored, we will soon be able to predict and counsel before issues arise. Where high-tech care and consultancy were once confined to the clinic, they are now entering our homes and reaching developing countries from afar.

Gary Newe is technical director F5 Networks