Connected medical devices have become extremely popular, with many hospitals using them to improve patient monitoring and care activities. Additionally, many health-conscious consumers use these products to stay better informed about their well-being and encourage themselves to adopt healthier habits.
Although these medical devices are undeniably convenient and valuable for providing insights people may otherwise miss, the connectivity aspect increases the risk of hacking.
Which Medical Devices Are Common Hacking Targets?
Although hacking attempts threaten all medical devices that can connect to the internet, research shows some products are more frequent targets than others.
1. Devices Running on Old or Unsupported Operating Systems
Cybercriminals often exploit medical devices with old operating systems, especially if vendors no longer support those offerings. A 2024 study of known vulnerabilities in health care devices found a high exploitation likelihood for 85% of surgical devices with outdated operating systems because of the vulnerabilities those products contained. Additionally, 32% of the devices running on unsupported operating systems were medical imaging products.
2. Products With Unpatched Vulnerabilities
Once medical device manufacturers learn about cybersecurity threats, they typically release patches to address them. However, device owners still must install those software updates once available. Some product makers are also slow to act even once outside parties alert them to cybersecurity problems. These realities mean that some connected medical devices remain unprotected from hackers’ attempts.
One 2023 study examined various connected products to learn more about the most weaponized common vulnerabilities and exposures and those with the most attack attempts. Imaging workstations, media writers and infusion pumps were some of the connected medical devices mentioned in the study. The researchers noted that imaging workstations were popular targets because of the potential negative impacts breaches cause on hospitals. That is particularly true due to the vast amounts of patient data these products hold.
How Do Hackers Exploit Medical Products?
Medical products are perpetually among commonly hacked devices, but how do cybercriminals break into them?
1. Exploiting Products With Known Risks
Connected medical devices with unpatched security threats or those running old operating systems are some of the easiest options for hackers to target. Sometimes, these products act as gateways for people to infiltrate larger systems.
2. Launching Ransomware Attacks
Health care organizations manage massive amounts of data, much of it containing personal details unauthorized parties could use for identity theft. Many hackers may view hospitals and similar medical facilities as some of the most lucrative entities to target. Statistics confirmed the exposure of 385 million patient records within 12 years, emphasizing the problem’s magnitude.
Ransomware attacks can immediately lock down entire networks, compromising all the associated files, computers and other devices connected to them. Many affected parties agree to pay huge ransoms, believing this is the best way to tackle the disruption. However, some people who provide those amounts never get all their data back or find it corrupted once it’s returned to them.
3. Interfering With Communication Components
Most connected medical devices send and receive information, relying on wireless communication capabilities. While conducting a 2024 study about vulnerabilities in connected medical devices, university researchers attempted to hack a peak flow meter, an oximeter and a smartwatch.
They successfully carried out sniffing and jamming attacks affecting the communication channels of the oximeter and smartwatch. Those efforts allowed them to intercept and seize data traveling between those devices and the monitoring platforms used by health care professionals. Additionally, these hacks let the researchers view sensitive patient information.
How Can People Protect Medical Devices From Cyberattacks?
Medical device hacks are genuine risks, and people should take steps to safeguard them, whether at the personal or organizational level. How can they do that?
1. Apply Security Patches and Software Updates Promptly
One of the easiest but most effective ways to keep connected devices safe is to ensure they are all running the latest operating systems and software. Additionally, people should download and install security patches for known vulnerabilities as soon as those get released.
An easy way to manage a relatively small number of devices is to activate their automatic update settings. People should also check for an option that allows them to choose when new software installations happen. Then, they can do it during the most convenient times, such as overnight or outside of the busiest patient care hours.
Alternatively, those working to update devices across whole organizations should consider products and strategies to make the task easier. For example, products offering real-time location services for a hospital’s connected devices can optimize equipment management and reduce threats by verifying where at-risk assets are. Then, IT security teams cannot overlook critical devices when rolling out updates or installing patches.
2. Practice Good Password Hygiene
Many people are so used to setting passwords for their various personal and work devices and accounts that they overlook the importance of these credentials for maintaining security. Whether someone is setting up a medical device for home use or a large health system, they should always select unique, hard-to-guess passwords. Unfortunately, since those responsible do not always follow these best practices, their shortcomings can become entry points for hackers.
During a 2024 presentation, security and tech experts reviewed password-related problems that could lead to health care hacks. They mentioned how people never change their devices’ default settings, making the passwords easily obtainable. Another bad habit is using an overly simple password, such as Password1. Then, when organizations require that people update their passwords every few months, many just increase the number on the end by one. Unfortunately, hackers know that tendency and may exploit it.
Strong Cybersecurity Keeps Medical Devices Safer
This overview shows that medical device hacks are common, but specific cybersecurity choices can reduce them. Proactiveness makes breaches less frequent and severe so the consequences are less disruptive to patient care and business operations.
