Hackers, privacy breaches and medical device security

Medical Marcom

A Medical Marcom guest post from Christopher Burgess, the former senior security advisor to the chief security officer at Cisco.

In the first seven months of 2011, more than 5.5 million patient records containing personal health information (PHI) were exposed via 126 separate breach/loss events according to the Privacy Rights Clearinghouse (Date of info: Aug 27, 2011).

UPDATE – Insulin pump hacker outs Medtronic, company responds

Hackers

The security expert who hacked his own insulin pump revealed that the device came from Medtronic Inc. (NYSE:MDT), and accused the med-tech giant of ignoring his warnings.

Today the Natick, Mass.-based med-tech giant posted its official response to the hullabaloo, writing that it takes device information security very seriously but sees malicious medical device hacking as a very low threat.

Insulin pump hacker gets federal attention as Reps ask for GAO investigation

Hackers virtual world

The recent report of an computer security expert who hacked his own insulin pump got the attention of members of the House Energy & Commerce Committee.

This week senior committee members Anna Eshoo (D-CA) and Edward Markey (D-MA) urged the Government Accountability Office to investigate the safety and security of wireless medical devices, citing an article written about the pump hack.

Medtronic on insulin pump hacker: Not a big deal

Medtronic

Medtronic Inc. (NYSE:MDT) isn’t in an uproar over recent reports of a hacked insulin pump that could discretely deliver dangerous doses of insulin to a wearer.

"To our knowledge, there has never been a single reported incident outside of controlled laboratory experiments in more than 30 years of device telemetry use, which includes millions of devices worldwide," a director of PR from Medtronic’s insulin pump subsidiary MiniMed Inc. told TuDiabetes.org, an online social network for diabetics.

Hospital hack exposes more than 2,000 patient records

MassDevice On Call

MASSDEVICE ON CALL — Beth Israel Deaconess Medical Center is trying to make up for the exposure of more than 2,000 patients’ personal information that was hacked from a hospital computer.

The hospital told reporters that a computer repair vendor, who remains unnamed, failed to restore the computer’s security settings after servicing the machine. The computer was later found to have contracted a virus that snagged patient files and sent them to an unknown recipient.

Hack this: Researchers develop device to shield pacemakers

IMD Shield

Wireless devices have changed the way health information moves, making data more abundant and more accessible. But it’s also made medical devices more vulnerable.

Researchers at MIT and the University of Mass. Amherst are the first to develop a technology that could protect the millions of existing medical device implants without altering or replacing them.

Wireless technologies made their mark on medical devices in a big way, attaching themselves to everything from pacemakers and defibrillators to insulin pumps and nerve stimulators.

Hack protection: Protecting implanted devices from potentially lethal hackers

MIT

Most of the millions of implanted medical devices in existence today have a wireless component that allows doctors to monitor patients’ vital signs and revise treatment programs by tapping into the device’s signal.

But those wireless capabilities could also make devices susceptible to hackers, say researchers at the Massachusetts Institute of Technology.

Worst case scenario – hackers could program a device to deliver a medication overdose or electric shock that kills the victim.