Cyber criminals hacking remote-controlled medical devices could kill patients, conference hears

accreditation

Hackers who breach security firewalls could potentially kill patients wearing remote-controlled pacemakers or insulin pump devices.

The main reason behind hacking of medical devices is usually the same as any cyber crime - identity theft and fraud. 

Speaking at the Hospital Association of SA's annual conference in Cape Town on Tuesday, Tanya Vogt, executive officer of the SA Medical Technology Industry Association, it is true that there is no product which can 100% avoid misuse or being tampered with.

However, device companies are aware of this and test products extensively prior to bringing them to the market, and monitor applications continually.
 
It is particularly the case with novel medical technologies which combine a health tool with IT-based components.
 
Patients, healthcare providers and physicians using such technologies need to ensure they have the IT capabilities and infrastructure to process such data, including security measures. In this regard, the Protection of Personal Information Act is very relevant for all manufacturing companies.
 
Medtech companies selling these products do real-time monitoring and need to provide confirmation to users that they have addressed threat mitigation and that remediation processes are in place.

"While we must continue to keep up with technological advancement and strengthen legislation, the current South African regulatory framework already does much to prevent cyber breaches and reduce the risk of exposing patients to related risks," said Vogt.

Black market sales

Braam Oberholzer, head enterprise architect at Netcare and a pioneer in medical device software, said at the conference in Cape Town that the main purpose of criminal hackers of healthcare technology was identity theft. He added that last year already 15 million medical records globally were disclosed. Half way through this year, the number of disclosed records had already increased to 32 million.

"The danger is from those wanting street cred in the hacker community or criminals wanting to make a living out of it," said Oberholzer.

Medical data was relatively easy to hack in order to assemble an identity kit and forge documents which could fetch up to $20 000 on the black market, he said.

Oberholzer said the best way to curb the theft and disclosure of medical records was to use activity analysis software.

Corporates, researchers must collaborate

Greater collaboration between security research data scientists, data analysts and software companies would be needed to help bridge both the digital skills gap and improve security, Vogt added.

A working group was convened by the International Medical Device Regulatory Forum some six years ago to categorise this type of hacking risk, improve the quality of product management and the clinical evaluation of medical technology products.

The working group was also created to allow for risk-management, innovation and timely patient access to safe and effective medical devices. It works closely with the US regulator, the Food and Drug Administration (FDA) and other international regulatory agencies.

We live in a world where facts and fiction get blurred
In times of uncertainty you need journalism you can trust. For 14 free days, you can have access to a world of in-depth analyses, investigative journalism, top opinions and a range of features. Journalism strengthens democracy. Invest in the future today. Thereafter you will be billed R75 per month. You can cancel anytime and if you cancel within 14 days you won't be billed. 
Subscribe to News24
Rand - Dollar
15.66
+0.6%
Rand - Pound
19.63
+1.0%
Rand - Euro
16.82
+0.2%
Rand - Aus dollar
11.13
+0.6%
Rand - Yen
0.12
-0.3%
Gold
1,867.03
+0.7%
Silver
22.11
+1.4%
Palladium
2,006.99
+0.4%
Platinum
956.00
-0.3%
Brent Crude
113.42
+0.8%
Top 40
61,177
-1.0%
All Share
67,691
-1.0%
Resource 10
74,345
-0.4%
Industrial 25
71,771
-1.7%
Financial 15
15,802
-0.7%
All JSE data delayed by at least 15 minutes Iress logo
Company Snapshot