FBI: Be Wary of Connected Medical Devices

Marie Thibault

Patients with insulin pumps or users of mobile health wearables probably don’t realize the FBI is thinking about them, but it turns out the bureau is concerned about the risks around the rising use of Internet of Things (IoT) devices, including medical devices.

In a September 10 public service announcement, titled “Internet of Things Poses Opportunities for Cyber Crime,” the FBI outlined the ways IoT devices can put users at risk. Weak security and user ignorance about hacking risks can lead to hackers “compromising the IoT device to cause physical harm,” among other risks, the FBI notes.

Along with home appliances and office equipment, the alert singles out medtech products like wireless heart monitors and insulin dispensers, as well as fitness wearables, as IoT devices that might be targets for cyber crime.

The FBI gives a more detailed example of what a cybersecurity breach could look like for medtech patients:

“Criminals can also gain access to unprotected devices used in home health care, such as those used to collect and transmit personal monitoring data or time-dispense medicines. Once criminals have breached such devices, they have access to any personal or medical information stored on the devices and can possibly change the coding controlling the dispensing of medicines or health data collection . . .”

Users are encouraged to take a number of protective measures, including using IoT devices on separate, protected networks, purchasing such devices from makers that take cybersecurity seriously, implementing security patch updates, and knowing whether their medical device has risk factors like allowing remote operation or data transmission.

The FBI alert follows prior warnings about cybersecurity concerns related to medical devices from FDA and outside experts.

Marie Thibault is the associate editor at MD+DI. Reach her at [email protected] and on Twitter @medtechmarie.  

[Image courtesy of STUART MILES/FREEDIGITALPHOTOS.NET]