Homeland Security Warns of Mobile Health Risks

This article published with permission from The Burrill Report.

Imagine if a hacker could insert a virus into a wireless monitor that would make it send the wrong data to the doctor, potentially not only harming the device, but also the patient. It’s not as absurd as it might appear, and it’s just one of the many ways that the proliferation of new digital health care applications is creating new risks.

The Department of Homeland Security has issued a report warning of the increased potential for cyber attacks to medical networks as a result of the proliferation of mobile medical devices, including wireless monitors, medical apps, smartphones, and tablets.

In the report, “Attack Surface: Healthcare and Public Health Sector,” the agency says potential vulnerabilities of mobile medical devices on medical IT networks is of major concern, and hospitals and companies in the business of patient care and management should be aware of the risks and make sure to implement robust security measures.

While medical devices are regulated by the U.S. Food and Drug Administration before they are marketed, they don’t regulate their use or their users, including how they are linked or configured within networks. Although most devices are still designed to be connected to a network at their point of use, the report finds that the increased flexibility and scalability of wireless networking has made wireless access a convenient option for organizations. It also networks more vulnerable to cyber attacks.

“The expanded use of wireless technology on the enterprise network of medical facilities and the wireless utilization of medical devices opens up both new opportunities and new vulnerabilities to patients and medical facilities,” says the report. “Since wireless medical devices are now connected to Medical Information technology networks, IT networks are now remotely accessible through the medical device.”

While mobile devices make it easier for doctors and health care organizations, it places a higher priority on securing networks containing medical information from malicious attacks. The report provides a list of ways that care providers can make their networks more secure, such as using the latest anti-virus and spy-ware software and making sure it is updated frequently, encrypting data during transmission at both ends of the channel, securing passwords and possibly isolating medical devices on separate networks that could then be accessed through the main network.

One of the reasons Homeland Security put out the report is because many hospitals and medical care systems tend to put network security on the back burner when they are faced with financial pressures. But if an attack occurs and patient data is breached, the care organization is liable for damages. The agency wants to make sure that these medical organizations are aware of the vulnerabilities posed by the increased use of wireless technology, especially as they move to smartphones and tablets. If such a device is lost or stolen, the threat of a breach increases.

Copyright 2012 Burrill & Company. For more life sciences news and information, visit www.burrillreport.com.