The Federal Bureau of Investigation has issued an alert warning companies and the public about the cybersecurity risks that networked medical devices and wearable sensors pose to consumers.

According to the FBI, these so-called Internet of Things (IoT) devices, which connect to the web and automatically send and/or receive data, include a range of consumer devices from lighting modules to smart appliances to thermostats, as well as medical devices such as wireless heart monitors and insulin dispensers, and wearables such as fitness devices.

“As more businesses and homeowners use web-connected devices to enhance company efficiency or lifestyle conveniences, their connection to the Internet also increases the target space for malicious cyber actors,” states the alert. “Similar to other computing devices, like computers or smartphones, IoT devices also pose security risks to consumers. The FBI is warning companies and the general public to be aware of IoT vulnerabilities cybercriminals could exploit, and offers some tips on mitigating those cyber threats.”

Garry McCracken, vice president of technology for security vendor WinMagic, calls the FBI alert “very significant” and says the IoT threat “has been sneaking up on a lot of people as these devices get deployed and become more ubiquitous.” To put the scope of the problem in perspective, McCracken cites the fact that “there are more IoT devices connected than there are people on the planet.”

Nonetheless, when it comes to cybersecurity, he believes that to date IoT devices have garnered relatively little attention compared to computers and smartphones. “If we don’t pay more attention to the problem, we could find ourselves in pretty bad situations,” McCracken adds. Securing data at rest, he argues, is critical given that a lot of these devices collect and store data that can be accessed by unauthorized users.

The FBI specifically calls out the potential vulnerabilities of IoT devices, which can lead to the theft of personal information and intentional tampering with devices to cause harm. In particular, the agency warns that unprotected medical devices used in home healthcare, such as those used to collect and transmit personal monitoring data or time-dispense medicines, are a ripe target for cybercriminals, especially devices capable of long-range connectivity.

“Once criminals have breached such devices, they have access to any personal or medical information stored on the devices and can possibly change the coding controlling the dispensing of medicines or health data collection,” cautions the agency. “Patients should be informed about the capabilities of any medical devices prescribed for at-home use. If the device is capable of remote operation or transmission of data, it could be a target for a malicious actor.”

Similarly, the Food and Drug Administration issued an alert of its own recently regarding an infusion pump, which communicates with hospital information systems via a wired or wireless connection, strongly encouraging acute and non-acute healthcare facilities to discontinue use of these pumps due to cybersecurity vulnerabilities.

According to the FDA, by remotely accessing the pumps through a hospital’s network an unauthorized user could control the device and change the dosage the pump delivers, leading to “over- or under-infusion of critical patient therapies.”