latest headlines

Some medical devices vulnerable to hackers

Published: Monday, May 15, 2017 @ 5:38 PM
By: Rachel Murray

Jennifer Baker has two daughters with Type 1 Diabetes. 

"Insulin is keeping them alive," Baker said.

The girls wear insulin pumps, check their blood sugar levels and measure their carbs. Last fall, Baker learned of a potential problem in the specific insulin pump used by her daughter, Madison. 

The radio frequency between the remote control and the pump, could be hacked, according to Johnson & Johnson.

RELATED: More U.S. firms believed hit by cyberattack

The risk is low and a hacker would have to be within several feet of Madison to access the signal. But her pump is one of several medical devices the government has identified as being vulnerable.

The Food and Drug Administration has issued numerous alerts. In January, the agency issued a warning that the wireless signal between St. Jude's Medical Center pacemakers and their transmitter, could be hacked which could, "result in rapid battery depletion and-or administration of inappropriate pacing or shocks."

In 2015, the FDA said Hospira Infusion pumps could be accessed through a hospital's network and, "this could allow an unauthorized user to control the device and change the dosage the pump delivers."

"In theory, the risk is there to over-administer a lethal level of a type of pharmaceutical to a person, " said cyber-security expert Ali Alwan. 

He said there are no known cases of patients being killed or injured but controlling the equipment is not the only concern. Hacking your health could be the newest way to reach your wallet.

"The reason medical data is worth more is, it's very descriptive. It knows your height, your weight, the color of your eyes in many cases," said Alwan. "If you think about how you apply for credit or how you impersonate someone's identity, the more more descriptive information you have, it becomes so much more valuable."

We asked Miami Valley Hospital, Children's and Kettering Hospital what steps they are taking to protect patients against medical device hacking. Only Kettering responded and a spokesperson said, the hospital "cannot disclose the processes used to protect patients but is actively working to help ensure the security of medical devices."