A group of university researchers were able to gain access to an implantable cardioverter defibrillator (ICD), reading sensitive patient information, disrupting its operation and even programming it to repeatedly administer strong electric shocks – with just a PC, a wireless radio with a couple of antennas and some free software. (Original article here)
Shocking? Not so.
With the increasing reliance on commercially available computing technology (which makes commercial and technological sense), it is only natural that along the benefits, comes the problems associated.
I first talk about IT security in Healthcare Informatics in 2002 and most people just shrug it off thinking that I’m being over-reactive and even had to write an article (published at DIMag.com) to convinence my immediate manager (Manager of the Radiology Department) to adopt a security policy I wrote to prevent computer viral infection from demo ultrasound units.
On a side note, NEMA’s whitepaper on “Defending Medical Information Systems” was published in Mar 2004, my article was published in Jan 2004. I wrote on the topic first 🙂 )
Alright, back to my post, with the recent technology explosion where new technologies are being introduced rapidly, IT security is fast becoming “an affair” that is rather difficult to manage, if there are not enough resources. Take Wireless technology for example, there are many hospitals that have adopted it as the network infrastructure of choice for certain areas due to the need for mobility (like ECG carts, Portable Ultrasound etc), try telling traditional Biomedical Engineers about limitations of Wireless network! Its a real challenge!
While the remote attack on ICD mentioned earlier on is kind of difficult to execute as the hacker need to (somehow) get all of his equipment within 10 centimeters of a target ICD, I’m sure that in the near future, someone will built these equipment small enough to be carried in a backpack, the question is, would the healthcare industry caught up on IT security issues by then?
I’m not going to rant more on IT security in Healthcare Informatics (maybe I’ll do another article as an update) but do check out the Articles/Whitepapers for a new good reads.