Glucose control system using a smartphone and a glucometer attached to the skin.
Ute Grabowsky | photo library | Getty Images
The Web of Things for distant monitoring and management of common health issues continues to advance, led by diabetes patients.
About one in 10 Americans, or 37 million people, live with diabetes. Devices resembling insulin pumps, which date back many years, or continuous glucometers, which monitor blood sugar levels 24/7, are increasingly connected to smartphones via Bluetooth. Increased connectivity has many benefits. Individuals with type 1 diabetes can have much tighter control of their blood sugar as they’re able to view weekly blood sugar and insulin dosing data, making it easier to identify trends and adjust dosing. Lately, diabetes patients have turn out to be so adept at distant monitoring that the DIY patient hacker community has manipulated devices to raised manage their medical needs, and the medical device industry has learned from them.
But with the ability to monitor your health over the web comes with risks, including nefarious hacking. While medical devices that must pass FDA approval meet higher standards than fitness devices, there are still risks related to the protection of patient data and access to the device itself. The FDA periodically warned hackers of vulnerabilities in medical devices resembling insulin pumps, and product manufacturers recalled products linked to security vulnerabilities. This took place in September MedtronicThe MiniMed 600 series insulin pump that the corporate and the FDA warned had a possible issue that might allow unauthorized access, posing the chance that the pump could deliver an excessive amount of or not enough insulin.
Sleep apnea, type 2 diabetes and distant healthcare
The medical device market offers patients latest advantages from distant monitoring, not only for diabetes. For sleep apnea, which is estimated to affect as much as 30 million Americans (and a billion people worldwide), C-PAP devices can now store and send data to healthcare professionals without having to go to the office.
The variety of internet-connected medical devices has increased in the course of the pandemic as lockdowns have created a giant push to treat people at home. With the rise in virtual care visits, “this has opened everyone’s eyes to home medical devices for distant patient monitoring,” said Gregg Pessin, senior director of research at Gartner.
The regular sale of continuous blood glucose meters and insulin pumps has lifted the spirits of firms like Dexcom, IsletMedtronic i Abbott’s labsand sales of diabetes devices are expected to extend. In response to the Centers for Disease Control and Prevention, along with the 37 million people within the US who’ve diabetes, an estimated 96 million adults are pre-diabetic. Manufacturers of continuous glucometers and insulin pumps, which have been the usual in type 1 diabetes look after years, are also increasingly targeting patients with type 2 diabetes.
Various types of medical cybersecurity risk
Industry security experts divide medical device cybersecurity risks into three categories.
First, there may be a risk to patient data. Many medical devices, resembling insulin pumps, require patients to create online accounts with the intention to download data to a pc or smartphone. These accounts may contain sensitive information, not only sensitive health data, but additionally personal information resembling social security numbers.
One other threat lies with the medical device itself, as evidenced by headlines concerning the risk of hackers stepping into a medical device resembling a Medtronic pump and altering dosing settings with potentially fatal consequences. A report by Unit 42, a cybersecurity company that is a component of Palo Alto networksfound that 75% of infusion pumps – including insulin pumps – had “known vulnerabilities” that left them vulnerable to hacker attacks. May Wang, director of IoT technology at Palo Alto Networks, said that in a lab experiment, hackers gained access to infusion pumps by changing drug doses. “So now cybersecurity isn’t just privacy, it isn’t just data leakage. It’s more about life or death,” she said.
But Gartner’s Pessin said such risks are small in the actual world. Under controlled conditions within the lab, “it’s only a matter of time before you are capable of do it,” but in the actual world, “it might be rather more difficult,” he said.
A Medtronic spokeswoman said the corporate designs and manufactures medical technology to be as secure as possible, and its global product safety office always monitors safety products throughout their lifecycle. The corporate also monitors the cybersecurity landscape to handle security vulnerabilities and “take motion to guard patients through a coordinated disclosure process and security bulletins.”
In September, Medtronic notified users how you can eliminate the chance of unintentional insulin delivery by disabling distant dosing with a separate device.
The third threat to cyber security is the connection between a medical device and the network, whether it’s Wi-Fi or 5G. As medical devices turn out to be more connected, there may be an increased risk of malware that’s well-known in other industries that might soon find its way into healthcare. Wong pointed to a 2014 case where Goal leaked sensitive customer information after installing an HVAC system that was infected with malware.
While there aren’t any known cases of such cases via medical devices used at home yet, it could be a matter of time and older devices that should not updated recurrently are more in danger. In hospitals, old operating systems make some medical devices vulnerable to attacks. Some medical imaging systems, which may have a life cycle of greater than 20 years, still run on Windows 98 with none security patches, and there have been cases where MRI scanners or X-ray machines have been hacked to run cryptocurrency mining operations without the knowledge of the health service.
Device adjustment
Legislators and healthcare leaders are pushing for more medical device safety guidelines and regulations.
Last April, Senators introduced the PATCH Act to require medical device manufacturers searching for FDA approval to fulfill certain cybersecurity requirements and maintain security updates and patches. Recently passed in late 2022, the $1.65 trillion cumulative measures bill included latest requirements for the cybersecurity of medical devices. Experts said the provisions of the Act don’t go so far as the necessities of the PATCH Act, but are still significant.
An FDA spokesperson told CNBC that the brand new cybersecurity provisions within the omnibus act represent a major step forward within the FDA’s oversight of cybersecurity in the protection and effectiveness of medical devices. Among the many regulations, manufacturers can have to implement plans and processes to reveal vulnerabilities. Device manufacturers can even need to offer timely security updates and patches to devices and related systems to handle “critical vulnerabilities that pose an uncontrollable risk.”
How one can stay on top of things as a consumer
As doctors increasingly prescribe glucometers and insulin pumps not just for type 1 diabetes, but additionally for the rather more common type 2 diabetes, consumers who’re wondering whether to make use of such a tool can start by checking the manufacturer’s website for cybersecurity statements and HIPAA compliant to guard their private healthcare information. They also can ask their doctors about safety, although cybersecurity experts say there remains to be work to be done to enhance education about these risks amongst healthcare professionals.
Consumers with an internet-connected medical device should register with the manufacturer to receive security update notifications. It’s also crucial to follow basic cyber hygiene at home as many devices at the moment are connecting to Wi-Fi. Make certain your Wi-Fi network is protected with a powerful password, and use a powerful company website username and password when you’re sharing or downloading data. More and more consumers at the moment are also selecting to make use of a password manager to store all their web login information. Since devices can interact with other devices over Wi-Fi, ensure that your house laptops and phones are also secure.