The Internet of Things Security: Hacking Healthcare
One of the greatest technological achievements to date by far is the creation of the Internet. Not only did its emergence shake the entire world, effectively changing almost every aspect of our lives, but it has connected us all not only as a nation, but as a globe. Starting out with computers the size of walls and evolving to the laptops and smartphones of today, the Internet has become involved in more things than most had ever imagined. The most recent and rapidly-expanding Internet-related development is what is known as the Internet of Things.
The Internet of Things (IoT) is a term coined in 1999 by Kevin Ashton, executive director of the Auto-ID Center, that is used today to describe the network of physical devices which are embedded with technology that enables them to collect and exchange data via the Internet. Devices connected through IoT are commonly referred to as “smart devices” or “connected devices,” and they include a wide-range of numerous items, ranging from baby monitors, to cars, to kitchen appliances, and even light bulbs. Anything connected to the Internet falls under this broad category of the Internet of Things, so it is safe to say that IoT affects more areas of our lives than we may have once thought.
While it is an incredible feat that so many different and unique things are now connected via the Internet, IoT can also be an incredibly dangerous thing.
IoT Vulnerabilities, Real World Threats
As we have come to know all too well, when it comes to the Internet, anything that can be hacked, will be hacked. And while it may be an inconvenience to have your favorite social media site shut down because of a cyber-attack, or a major setback for a company’s image if they experience a data breach caused by phishing, IoT threats are different because they can have real-life, physical repercussions–a far greater and more lethal risk than any other cyber-threat.
Last year, hackers were able to remotely hack into a Jeep Cherokee’s Wi-Fi-enabled entertainment system, giving them access to the entire car–including its dashboard functions, brakes, and the car’s transmission. From across the country, these hackers were able to play with the car’s various features including the air conditioning and sound systems, and then suddenly, these hackers were able to cut the car’s transmission as it was going 70 mph down a major highway. While these ‘hackers’ were actually just researchers, Charlie Miller and Chris Valasek, testing their car-hacking research on a well-aware driver, the thought that in a similar situation, the Internet of Things could possibly be used by malicious actors to hurt or even kill a driver or other unsuspecting victims is terrifying to say the least.
IoT threats in the Healthcare Industry
Car hacking is not the only real-world, physical threat driven by IoT, as the healthcare industry has found a few IoT-related vulnerabilities of its own.
As more and more modern medical devices are being developed, they are adding to the collection of connected devices encompassed by IoT; however, many healthcare professionals have found that with these more advanced devices, comes more advanced cyber-threats as well.
One of the most recent and notable of these is the threat to Johnson & Johnson’s Animas One Touch Ping insulin pump. This insulin pump is special in that it is equipped with a remote control so that users do not need to remove their clothing to give themselves a dose of insulin. The problem with this is that the wireless connection between the remote and the pump is unencrypted, and consequently, highly vulnerable. Because of this, the pump can be hacked within a 25-foot radius of the user, and with the right radio equipment, a hacker can take control of the pump and trigger unauthorized insulin injections.
Not only does this threaten a specific device, but in some cases, it gives hackers access to the entire hospitals’ system. Similar to the car hacking instance, this not only poses immediate cyber-threats, but it could have deadly repercussions, as different diabetes patients need varying levels of insulin at different times. A malicious person could hack into these insecure devices and literally kill someone, so it is time that the healthcare industry started taking medical device IoT security more seriously.
IoT Security Tips for Healthcare
The IoT threats detailed above were caused primarily through security issues. The issue? There were no security defenses put in place to protect against any sort of attack. This is a serious problem and though it will take further research to make IoT security air-tight, a few tips to help enhance healthcare security for IoT medical devices include:
- Conducting a secure boot–A secure boot is making sure that when a device is turned on, none of its configurations have been modified. This step helps to ensure that no tampering took places while the device was not in use.
- Utilizing encryption–As we saw with the Johnson & Johnson insulin pump, a lack of encryption left patients lives literally in the hands of hackers. Encryption is an essential step that makes it that much harder for cyber-criminals to attack.
- Implement authentication for devices–If authentication is used, device access is limited and device-to-device communication undergoes intense scrutiny. This makes it more difficult for a security flaw to go unnoticed.
- Educate patients and staff–Though it affects such a huge portion of our lives, 87% of people have not even heard the term ‘Internet of Things.’ Education is really the greatest tool we have in our arsenal, so it is important to inform patients and staff of the very real risks of IoT security.
Security threats such as these make the Internet of Things seem like a terrible thing, but this advancement in technology is an excellent way to keep us all connected through items we would have never thought possible. Though this may be the case, it is important for these devices to be well-secured so that we can truly enjoy our connectivity.
Hailey R. Carlson | Axiom Cyber Solutions | 10/28/2016
