How to Protect Personal Information with Medical Devices
Ellen McCullough
/ Categories: Security


Medical Devices May Allow a Backdoor for Attackers


Do you have a pacemaker?  Have you had an MRI?  Do you use a blood glucose meter that connects to your smartphone?  If so, it is important to consider the security implications of using these devices in today’s increasingly technology-connected world.  It seems that just about every appliance we own these days has a tiny little computer with an Internet connection inside of it, from our toasters to our washing machines.  These technologies allow us major conveniences such as adjusting the thermostat at home while on vacation or starting the car remotely so that it can warm up on a cold day.  These same types of technologies are being used to help doctors and other healthcare professionals treat patients more effectively.  Sometimes this is done when the devices, such as internal defibrillators, send important information wirelessly to the doctor.  Other times the special equipment, such as an MRI, CT, or ultrasound, allows the doctor to see the inside of the patient without needing to resort to surgical procedures.  The doctor can then see this imaging directly connected to the patient’s chart.

You might be wondering how this type of attack can take place.  Many of these smart devices reside on what is called the Internet of Things, or IoT.  Among all of its benefits, the IoT has one glaring weakness: security.  IoT devices are created to be an inexpensive, yet integral, part of our lives, but they are often not continuously patched for security vulnerabilities.  This leaves them wide open to become victims of attacks like Trojans or ransomware.  Additionally, many healthcare organizations still use outdated computer operating systems or may not update them in a timely manner (2).  The use of operating systems, like Windows XP, that are no longer actively supported by their parent companies leaves the door wide open for attacks.

Why Does It Matter?

The security risks for these types of devices can be posed in a variety of ways.  Most often, the attackers that exploit these devices do not do any direct harm to patients, although the potential has been shown to exist in a theoretical setting (1).  Instead, they use these devices to essentially hack into the internal network of the healthcare system.  From there, they are able to access personal health information (PHI).  This PHI is what identifies us as patients and typically includes sensitive information such as name, birthdate, address, phone number, insurance information, and medical conditions.  Attackers will steal that information and sell it to other criminals or hold it for ransom to get money.

What Should I Do to Protect My Medical Devices?

So, what does this mean for you? If you own or wear a medical device that requires the use of a username and password, be sure to keep that information secure.  This means not sharing it with others, routinely changing the password, and taking care to use a very strong password to protect your information.  Strong passwords are those that have at least eight characters, a mix of uppercase and lowercase letters, and a number or symbol.  Also, the FDA provides regulatory oversight for these devices (3).  Writing to your Congresspeople to support laws that provide specific security requirements of device manufacturers will also help to regulate this industry and keep everyone safe.
