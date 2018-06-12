The security risk storm is here: Medical device threats are real and a patient safety risk

A recent University of California survey found that a few delivery organizations and vendors believe 100 to 1,000 patients have had adverse events from compromised devices - and the threat will only persist.
By Jessica Davis
June 12, 2018
04:00 PM
Share
Medical device threats are real, risk to patient safety

A recent study from the University of California Cyber Team funded by MedCrypt found that a few healthcare delivery organizations and vendors believe between 100 and 1,000 patients had adverse events from compromised devices.

It’s a staggering number, especially when compared to the 80 percent of survey respondents that report risks in medical devices are higher than what the Food and Drug Administration reports.

“There’s at least some self-reported evidence that some patients are being harmed by compromised medical devices,” said Christian Dameff, UC San Diego researcher and emergency room doctor at the HIMSS Media Security Forum in San Francisco on Tuesday.

[Also: Vulnerable devices are a reminder to create solid patch management policies]

Dameff, along with his colleague, Jeffrey Tully, UC Davis security researcher and pediatrician, outline a recent simulation of what happens when a patient’s medical device gets hacked.

The patient, represented by an actor, presented signs of chest pain to a team of nurses and doctors. The team went through normal procedures to treat the patient directly reflecting his symptoms. However, the ‘patient’s’ pacemaker was malfunctioning and routine attempts to use a magnet to fix the problem didn’t work.

As a result, the ‘patient’ kept dying and coming back to life because the hacked pacemaker kept shocking the patient at the wrong time.

What’s also concerning was the reaction from clinicians who took part in the simulation were completely unaware the device had been compromised, said Dameff. They were also asked if they would know what to do if a device was hacked, and all of them said ‘no.’ What’s more, none of the team had been trained in reacting to medical device hacks.

The point, Dameff said, is that while many have said these types of scenarios are relatively low, “the argument that something with a likelihood of being rare isn’t a reason to not address it.”

“The first time something like this actually happens will change the conversation entirely,” said Dameff. “We need talk about more than just devices -- also infrastructure. The risk is involved in every aspect of care. It’s important to be aware of the entire picture.”

“We rely on an incredible amount of technology to care for patients and trust the technology implicitly to care for our patients,” said Tully. “We’re afraid there’s a storm on the horizon -- and it may already be here. Healthcare cybersecurity is no longer really a compliance issue. It’s not only a protecting patient health information issue. Healthcare security is a patient safety issue.”

The next upcoming HIMSS Healthcare Security Forum is slated for Oct. 15-16 in Boston. 

Twitter: @JessieFDavis
Email the writer: jessica.davis@himssmedia.com

Topics: 
Medical Devices, Privacy & Security
Share
View all comments 0

Top Story

female patient paying bill next-gen revenue cycle
Top Story
Next-gen revenue cycle to refine value-based care with advanced analytics

Most Read

See which hospitals earned worst scores for hospital-acquired infections (list, map)
How does blockchain actually work for healthcare?
Nuance knocked offline by ransomware attacking Europe
Nuance still down after Petya cyberattack, offers customers alternative tools
Allscripts hit by ransomware, knocking some services offline
Blockchain's potential use cases for healthcare: hype or reality?

Research

White Papers

More Whitepapers

Mobile
Mobile
Mobile

Webinars

More Webinars

Interoperability
Privacy & Security
Patient Engagement

Video

Tips for supporting nurses, doctors through the digital transformation
Tips for supporting nurses, doctors through the digital transformation
The importance of clinical engagement in healthcare's digital age
The importance of clinical engagement in healthcare's digital age
Using telehealth to bring care to war zones
Using telehealth to bring care to war zones: Waheed's mission
Linking primary care to population health
Linking primary care to population health: Behind the Primary Home model

More Stories

Apple files patent blood pressure monitoring

A diagram of the pending patent. 

Apple files patent for blood pressure monitoring device
Medical device threats are real, risk to patient safety
Medical device threats are real and a risk to patient safety
AI ethical concerns
Despite AI ethical concerns, IoT investments on rise new report says
Hospitals investing big in clinical communications with secure texting
Hospitals investing big in clinical communications as secure texting gains traction
New genomics analytics platform from Databricks
New genomics analytics platform from Databricks aims to speed discovery of new treatments
Investment firm KKR to take Envision Healthcare private in a $5.5M deal

Emergency department services are among the assets acquired by KKR. 

Investment firm KKR acquires Envision Healthcare in a $5.5B deal
Providence St. Joseph's big AI and machine learning projects

Credit: St. Joseph Healthcare

Providence St. Joseph finds success leveraging AI and machine learning projects
Next gen quality and safety for healthcare
Next-gen quality and safety: Genetics, communication, social determinants, data all are at play