'Internet of Everything' Growing More Powerful, and Dangerous

Brian Buntz

August 2, 2013

4 Min Read
MDDI logo in a gray background | MDDI

About a year ago, I penned a piece titled "An Internet of You: Bringing Sensors Out of the Clinic into Our Lives," that explained the vast potential of sensing technologies and mobile hardware to disrupt healthcare. The title was a play on Kevin Ashton's "Internet of Things," which has been repurposed by Cisco as the "Internet of Everything." Speaking of Cisco, the organization states that "99% of things in the physical world are still not connected to the Internet." As you might expect, more and more things are being wired, and Cisco predicts that, by 2020, there will be 50 billion connected devices on the planet.

Of course, medical devices are becoming more connected as well, and, smartphones and tablet computers are connecting to them with every-greater frequency. Smart devices are helping to catalyze a wave of innovation, in the form of apps, all of which has a lot of potential to help us understand our health with more clarity. But, as things stand now, the interoperability of medical technology is becoming a significant problem, and few of the consumer health and medical devices are able to communicate with each other.

Nevertheless, such technology could potentially be used to create a real-time health monitor, And as people such as Leslie Saxon, MD and Peter Diamandis, MD have advocated, this capability could help bridge the gap between how we monitor our health versus how we monitor our vehicles and consumer devices. As Diamandis puts it: "Today, my car, my airplane, my computer know more about their health status than I do, which is insane."

In the future, such a health dashboard could potentially even predict health problems before they happen, mimicking what OnStar offers drivers but with our own bodies. Eric Topol, MD has envisioned that mobile technology could be used in conjunction with nano-implants to detect the earliest traces of cancer, or predict heart attacks before they happen.

Great Potential, Great Risks

As the number of connected medical devices swells, they could potentially work in unison, with each type gathering valuable intelligence. But as the connectivity of medical devices improves, so does the volume of security problems going forward. "We see the same thing all over the place with TVs, cell phones, etc. Every computing device is starting to see these types of security problems," says cybersecurity specialist Jay Radcliffe. "IT is an uphill battle for information security specialists trying to make these devices safe to use and protect people's privacy at the same time."

In this Bloomberg interview, hacker Barnaby Jack described how he hacked insulin pumps, obtaining the devices' serial number remotely and instructing it to deploy its entire insulin reservoir.

That sentiment falls in line with the thinking of Future Crimes founder Marc Goodman, who has observed that the explosion of the Internet has already given way to a new class of criminals, who, among other things, attempt to make money off of illegally obtained personal data. Not all hackers are necessarily after money though. Each month, two million unique computer viruses are created, many of them are simply malicious, written for the sake of entertainment for their programmers.

White-hat hacker Barnaby Jack, who recently passed away, had acknowledged the possibility of hackers infecting medical device makers' servers with viruses that could ultimately affect devices such as pacemakers. Jack has also demonstrated the possibility of hacking insulin pumps to deploy their entire payload of insulin at once. The system can scan for insulin pumps in a range of 300 feet and obtain their serial numbers and ultimately remote control of the device.

These scenarios may sound far-fetched, but all of the security analysts I've interviewed agree that the medical device industry has been slower to acknowledge security risks than other industries and that, at present, hospitals tend to take the issue of cybersecurity more seriously than device makers. The Wall Street Journal just published an article that supports this idea as well, with the headline: "Medical Device Makers Slow to Address Cyber Risks, Hospitals Complain." In any case, the steadily rising number of wireless-connected medical devices certainly poses a risk, Radcliffe says. There are already as many as 60,000 wireless pacemakers implanted into patients in the United States. Such devices, along with implantable cardioverter-defibrillators can be hacked, with potentially deadly results.

Such dramatic medical device hacking scenarios, which still remain technical possibilities rather than reality at this point, also serve in bringing greater attention to the relative ease of hacking wireless-enabled medical devices in general. For instance, devices such as blood pressure monitors use old software and do little to protect them against malware exploits. It seems that the medical device industry is looking at adding and expanding wireless functionality faster than it is implementing tighter security measures.

Brian Buntz  is the editor-in-chief of MPMN and Qmed. Follow him on Twitter at @brian_buntz

Sign up for the QMED & MD+DI Daily newsletter.

You May Also Like