Federal agency outlines potential vulnerabilities in cutting-edge technology.
Artificial intelligence and other developing technologies have potential to help health care – and could be new gateways for cyber threats.
The U.S. Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) this month analyzed potential vulnerabilities in the cutting-edge technology being integrated into medicine and many other facets of life.
“Modern information technologies are having a profound effect on the health sector, but they also bring with them security considerations,” said the report, “Emerging Technology and the Security Implications for the Health Sector.”
HC3 acknowledged a number of definitions of AI, calling it “technology that mimics human activity, decision-making, and learning.” The agency cited IBM and John McCarthy, a Stanford University computer science professor who coined the phrase “artificial intelligence,” and now is regarded as “the father of AI.”
AI has potential to analyze large data sets, make faster decisions and predict outcomes. At least one news report found an AI program by Google outperformed expert radiologists in spotting breast cancer in mammograms.
AI “is not inherently insecure,” but it allows for reidentification of deidentified data, raising concerns about patient confidentiality and privacy.
Fifth generation cellular network technology – officially called “5G New Radio” – increases data transfer speeds and simultaneous handling of more devices. That could help medicine through telehealth offerings, surgical robotics and possible telesurgery.
The 5G connectivity is expected to enable the Internet of Medical Things (IoMT), such as wearable medical devices that transmit patient data to physicians. Citing health insurer Anthem, 86% of physicians say IoMT devices increase patient engagement with their own health.
But 5G cybersecurity threats overlap with IoMT threats. Device connectivity, software and hardware must have security measures built in to defend against hacks, according to HC3.
Nanomedicine is the application of very small technology to medicine. Applications can include delivering drugs at the cellular level and improved diagnostic imaging due to unique properties of nanoparticles.
It also opens the possibility of “hacking humans.” HC3 cited a study published at nanoappsmedical.com about extreme sophistication, but extreme vulnerability, of nanotechnology.
Attacking nanoparticles inside a patient may sound far-fetched, but hacking a medical device is not unheard of. Johnson & Johnson made news in 2016 when the company announced an insulin pump could be hacked, exposing diabetic patients to insulin overdose. It was thought to be the first time a manufacturer issued a warning to patients about “cyber vulnerability” in a device, according to a report from Reuters.
On Sept. 20, the U.S. Food and Drug Administration issued a security alert about a potential cybersecurity risk to the Medtronic MiniMed 600 Series Insulin Pump System. Although there were no known reports of the pumps being hacked, an issue in the device's communication protocol could allow unauthorized access, causing the pump to deliver too much or too little insulin.
Smart hospitals will have greater interconnectivity with real-time access to data and processing. That could lead to shared health records, efficient primary care, efficient disease prevention, more effective quality acute care and improved long-term disease management.
With a growing attack surface, security concerns about 5G and AI will apply. Patient confidentiality must be protected and continuous monitoring of hospital networks will be critical, according to HC3.
Quantum computing and cryptography will expand and speed up the computing power of technology, so health care technology programmers must assess risks. According to HC3, basic questions include: