THE BLOG

Hacking Our Health

08/12/2015 09:23 GMT | Updated 07/12/2016 10:12 GMT

Everything is becoming more connected: not just traditional computers, but household objects such as fridges, TVs and central heating systems - and even us. Gartner recently predicted that there will be 21 billion 'Internet of Things' (IoT) devices in use by 2020.

As the IoT grows and becomes part of the fabric of our lives, it's not surprising that this includes the healthcare industry; and we've already seen reports of vulnerabilities in medical devices (pacemakers, for example) that could result in harm to patients. Clearly, these new capabilities bring new risks. Doctors and nurses are now able to monitor patients remotely, and sadly medical devices are a potential future target for cyber-attackers.

You may wonder why hackers would target the healthcare industry and exactly how they would benefit from this.

Well there are a range of motives for all kinds of cyber-attack, ranging from financial gain, the desire to make a social or political point, cyber-espionage or even, potentially, cyber-terrorism. In the case of medical devices, such an attack could be highly targeted - for example, altering the dosage or combination of medicines, to cause harm to a specific individual, or to damage the reputation of the company who has developed the device or the medication.

What is clear is that hacking a medication process would cause significant disruption and possibly endanger lives. And fixing flaws in medical devices may be far from easy. For example, with pacemakers, if a vulnerability is found then it may not be possible to roll out a patch, as you could for a smartphone or PC. So it may be very difficult to secure these devices once implanted, as the whole thing may need replacing - a costly and logistically difficult process.

In fact, the spread of the IoT in general is making hacking easier than ever before for cybercriminals. Recent research we carried out with Swedish bio-hacking community BioNyfiken found a rise in the number of people who implant technology in their bodies - not for medical reasons, but simply because of greater convenience in everyday life. This includes people with smart implants that allow them to control door locks, make purchases and gain access to computer systems with the wave of a hand. So whether it's for medical or commercial reasons, when we allow humans, not just computers, to contain increasing amounts of personal, hackable data, it's even more imperative to ensure that it's kept safe from cyber-attacks.

So, is there any way the healthcare industry can help to protect us?

Sadly, all too often it's not until something bad happens that companies take security seriously. But when it comes to risks that could endanger lives, it's essential that security is implemented at the design stage of a product or device - before it's rolled out for public use.

But more than this, the healthcare industry can protect us from cybercrime by questioning the level of connectivity built into a system. Connectivity offers great convenience, but if it's indiscriminate it also gives hackers the chance to undermine the process. If connectivity is a must, it should be implemented with security in mind: the device should carefully monitor connections, looking for anything out of the ordinary that might indicate a threat.

We're on the brink of a world where everything is connected - not just traditional computers, but everyday objects and even humans. This offers great promise, the chance of a bright future that brings with it a better quality of life. This is true especially in the sensitive areas of healthcare, with sophisticated medical devices enhancing the lives of disabled, sick and old people - extending the biological capabilities of our bodies. However, while all this can improve our lives, we shouldn't ignore the potential down-side. Connectivity can be abused and a world of connected everyday objects opens up new attack vectors - not only, as now, threatening our computers, but even our lives. In recent years, there have been reports of vulnerabilities in several medial implants, such as pacemakers and insulin pumps. It's vital that we find ways to secure such devices, to ensure that we reap the benefits without putting ourselves at risk.