When a man arrived at a North London hospital in the middle of the night, disturbed, distressed, having seizure-like movements and unable to speak, NHS emergency physician Isabel Straw was the first to respond. I had a hard time finding the reason. Her team went to him and no issues were revealed.
That was until she realized the man had a brain stimulator implanted in his head and its malfunction was probably the reason for his pain.
Straw is also director of the non-profit bleepDigital, which has urged decision makers at all levels to begin more research into the cybersecurity risks of medical devices, from consumers to implanted and ingested technologies. .
In a presentation at the UK Cyber Week on 4 April 2023, he said, “The past decade has seen many advances in these technologies that have created new vulnerabilities.
The Internet of Medical Things (IoMT), as all these devices have come to be called, is increasingly being used and increasingly interconnected, both outside and inside the body, in medical settings and in the home, so the IoMT The security threats they pose are of increasing concern and can have a significant impact on patient health.
Adding necessary safeguards for IoMT
The threat of these devices starting to malfunction or being hacked is real, and examples of cyber incidents involving IoMT devices are on the rise. As a result, Straw said, there is a need for greater coordination between manufacturers and governments to strengthen safeguards against security incidents and strengthen the ability to operate digital forensics.
She also argued that healthcare workers should be trained on as many models as possible about the technical issues that may be encountered with IoMT devices.
“In the case of the patient I mentioned, we had to look in his bag. Doctors at the hospital found a remote control for a brain stimulator that no one knew about. So I took a picture of it. I did a reverse Google image search and found a manual online a few hours later. If it happens again tomorrow, we still don’t know how to treat him,” she explained.
“To this day, we still don’t know why it malfunctioned. Often these medical devices don’t have memory space or digital forensics capabilities,” she added.
What happens to IoMT after death?
These devices can process an increasing amount of data, creating security risks and data privacy issues.
“Since 2013, brain stimulator electrodes have been able to read more data than just deliver voltage. We could read it externally, and we could use this to personalize the data we’re analyzing to the patient’s disease, but streaming people’s brain data also raises the issue of confidentiality. ‘ emphasized Straw.
In that case, brain stimulators not only need to be secure, but also the communication streams with medical centers, the systems that medical professionals use, and increasingly the cloud for medical professionals to process and analyze data. Cloud servers that use the service must also be secured.
Another challenge is dealing with deaths caused by medical devices. “If this man had died, what would have happened to his equipment? Should it be buried with him or disposed of? These questions have not yet been answered and we have not received training on these issues,” Straw said.
