Innovation in healthcare in the 21st century has taken a big leap with the advent of wearable medical devices. These advancements now enable monitoring of several vital parameters like temperature, blood pressure, cardiac activity, breathing rate, and movement to help diagnose diseases such as diabetes, cancer, and lung disease. These devices play a crucial role in monitoring patient health during these unprecedented times when traditional consultations may not be feasible. The video below offers insights into the efforts of medical experts to enhance these instruments for better healthcare outcomes.
While wearable medical devices offer several benefits, they may be exposed to similar cybersecurity risks as other electronic and wearable devices. These risks may comprise unauthorized access to sensitive financial and personal data and ransomware, which exploit the technology used in these devices.
A report by Kaspersky revealed that the healthcare industry’s data transmission protocol has 90 known vulnerabilities, out of which 33 were identified only in 2023. Unfortunately, some of these vulnerabilities remain unaddressed, putting the data transmitted through wearable healthcare devices at risk of potential cyber threats. This article sheds light on the risks associated with wearable medical devices and how medical professionals can aid patients dealing with any problems encountered while using these devices.
Risks in the Digital Realm
Kaspersky conducted a study on the Message Queuing Telemetry Transport (MQTT) protocol, which is extensively employed for transmitting data from wearable healthcare devices. MQTT is known for its ease of implementation and widespread usage, making it the preferred choice for IoT devices. Moreover, this protocol enables devices to communicate efficiently across different locations, even when faced with unstable networks, and to acknowledge receipt of messages.
MQTT is prone to man-in-the-middle attacks as the protocol does not mandate encryption and authentication, making it easier for attackers to intercept sensitive medical, geographical, and personal data transmitted by wearable healthcare devices.
The ongoing pandemic has underscored the significance of digital technologies in the healthcare sector. With lockdowns and a surge in patient volumes, medical experts have been compelled to explore creative solutions such as telehealth consultations, wherein patients can communicate with their doctors via video calls, and the employment of wearable medical technology for monitoring vital signs, thus minimizing the necessity for in-person visits to the doctor’s office.
Impact of Misuse
One of the most concerning implications of employing wearable medical devices is that the data may be tampered with, compromising the quality of healthcare. A healthcare practitioner may provide incorrect diagnoses or advice if they operate with inaccurate or inadequate information related to a patient’s condition.
The practice of ‘surveillance advertising’ is another potential outcome of collecting personal information. According to Accountable Tech, a group dedicated to achieving sustained progress in social media, this approach entails ‘comprehensively monitoring and creating profiles of individuals and groups and tailoring advertisements to them based on their behavioural patterns, connections, and identity.’ As the company explains, this practice is intended ‘to keep users engaged so that more adverts can be directed at them, and more data can be extracted from them’.
Typical risks related to wearable healthcare gadgets are comparable to those prevalent in analogous technology for some time. A ransomware assault, for instance, may entail encrypting a patient’s data and subsequently demanding payment to decrypt it. In addition, a Bluetooth breach is also feasible when a patient uses their phone to link to the device, thereby enabling a hacker to acquire access to sensitive data, which can be deployed for identity theft or tracking.
Response from the Government
The Food and Drug Administration (FDA) is monitoring the situation closely. On their website, they state that they are actively working towards counteracting cybersecurity threats, which are constantly evolving in this rapidly changing environment, by regulating medical devices. To meet the desired outcomes, the FDA is collaborating with medical device manufacturers, healthcare providers, medical professionals, patients, information security experts, and other government organizations.
Manufacturers need guidance from the FDA to produce cyber-secure products, and the FDA should encourage manufacturers to report any concerns they encounter. If a manufacturer identifies an issue, the FDA may release a safety notice outlining the vulnerability and any requisite measures to resolve it. Moreover, it falls under the manufacturers’ purview to develop secure software.
The US Federal Trade Commission (FTC) is striving to bolster public faith in wearable healthcare devices. In late 2023, they released a policy declaration establishing that health apps and linked devices that collect or utilize users’ health information have to conform to the Health Breach Notification Rule. This directive stipulates that users and pertinent authorities must be informed in the event of a security breach concerning personal health data.
How Doctors and Nurses Can Assist You
Healthcare professionals have the capacity to enhance patient safety by undertaking the following measures:
- If you have the ability to choose your own medical equipment, it is recommended that you conduct research on the various products available and compare them to those recommended by the hospital or health centre.
- We can cut down on the volume of data being transmitted by modifying the settings and suggesting patients to do the same. One potential alternative is to deactivate location tracking.
- Set up new passwords for all systems, including computers and applications. Encourage patients to follow the same precautions.
- If your hardware and operating system enable it, encrypt your data. Advise patients to follow the same precautions.
Furthermore, doctors and nurses must advise patients to embrace the following safety measures:
- Maintain control over your wearable medical equipment.
- Do not connect medical equipment without consulting the manufacturer or a certified medical professional beforehand.
- Do not procrastinate in updating the device when prompted to do so.
- Familiarize yourself with how to secure each device by reviewing the provided instructions.
- Contact the manufacturer or your doctor if you observe any abnormal behaviour from the device.
- Communicate with family members and caregivers, and seek their opinions on how to enhance safety.