Key Points
- More and more medical gadgets, from C-PAP machines to insulin pumps and continuous glucose monitors, are linked to the internet to treat disorders like diabetes and manage sleep.
- Glucose metres and insulin pumps can now be Bluetooth-connected to cellphones, while C-PAP machines can store and transmit data to healthcare professionals without requiring an office visit.
- The world of remote patient monitoring is expanding and the internet of things for personal health offers numerous advantages, but the FDA is also paying closer attention to cybersecurity dangers.
Diabetes patients have been at the forefront of the internet of things' steady growth in the remote monitoring and management of common health conditions.Diabetes patients have been at the forefront of the internet of things' steady growth in the remote monitoring and management of common health conditions.
A little more than one in ten Americans, or 37 million people, have diabetes. Smartphones are increasingly being connected via Bluetooth to devices like continuous glucose monitors, which continuously check blood sugar levels, and insulin pumps, which have been around for decades. There are several advantages to the enhanced connectedness. People with type 1 diabetes are able to review weeks' worth of data on blood sugar and insulin administration, making it simpler to notice trends and fine-tune dosing, which allows them to have much tighter control over their blood sugar levels.
The medical device business has learned from diabetes patients who have become so skilled at remote monitoring that they have hacked equipment themselves to better manage their medical demands.
However, there are dangers associated with the ability to monitor medical issues online, such as malicious hacking. There are hazards to protecting patient data and access to the gadget itself, even though medical devices, which need FDA approval, are held to a higher standard than fitness devices. The FDA has often issued alerts regarding the susceptibility of medical devices, such as insulin pumps, to cyberattacks, and manufacturers have recalled goods because of vulnerabilities. This happened with Medtronic's MiniMed 600 Series insulin pump in September; the FDA and the manufacturer had issued a warning about a potential flaw that would allow unauthorised access and raise the possibility that the pump might deliver too much or too little insulin.
Type 2 diabetes, sleep apnea, and remote medical assistance
The medical device industry offers patients new advantages from remote monitoring in areas other than diabetes. C-PAP equipment can now retain and send data to healthcare practitioners without requiring an office visit for sleep apnea, which is thought to impact up to 30 million Americans (and one billion people worldwide).
During the pandemic, the number of internet-connected medical equipment increased since there was a strong drive to treat patients at home due to lockdowns. According to Gregg Pessin, senior director of research at Gartner, as the number of virtual care visits increased, "it opened everyone's eyes to home-based medical devices for remote patient monitoring."
Companies like Dexcom, Insulet, Medtronic, and Abbott Laboratories have benefited from consistent sales of continuous glucose monitors and insulin pumps, and it is anticipated that sales of diabetes tech devices would increase. In addition to the 37 million Americans who have diabetes, 96 million persons are thought to be pre-diabetic, according to the Centers for Disease Control and Prevention. Manufacturers of insulin pumps and continuous glucose monitors, which have long been the gold standard of care for type 1 diabetes, are increasingly focusing on patients with type 2 diabetes as well.
Danger in many medical cybersecurity forms
Medical device cybersecurity risks are divided into three groups by industry security specialists.
The risk to patient data comes first. Patients must set up online accounts in order to download data from many medical devices, such as insulin pumps, to a computer or smartphone. These accounts may contain private information, including Social Security numbers and private health information.
As shown by the headlines about the possibility of hackers accessing a medical device like Medtronic's pump and changing dosage parameters, which might have catastrophic consequences, there is also a risk to the medical device itself. Infusion pumps, which include insulin pumps, were found to have "known security flaws" in 75% of cases, according to an analysis by Unit 42, a cybersecurity company that is a subsidiary of Palo Alto Networks. According to May Wang, chief technology officer of internet of things security at Palo Alto Networks, in a lab test, hackers were able to access infusion pumps and change the quantities of medications. "Therefore, cybersecurity is no longer merely about data leakage or privacy. More importantly, it's life or death "She spoke.
However, according to Pessin of Gartner, this danger is minimal in practise. "It's just a matter of time before you'll be able to do it" in the controlled environment of a laboratory, he added, but "it'd be much more difficult" in the real world.
Medtronic's worldwide product security office regularly analyses the security products throughout their existence, according to a company spokeswoman. The business designs and manufactures medical devices to be as safe and secure as possible. In order to resolve vulnerabilities and "take action to protect patients through a coordinated disclosure process and security bulletins," the organisation also keeps an eye on the cybersecurity landscape.
In September, Medtronic provided instructions to consumers on how to disable the possibility of inadvertent insulin delivery by disabling the option to dose remotely using a different device.Medtronic's worldwide product security office regularly analyses the security products throughout their existence, according to a company spokeswoman. The business designs and manufactures medical devices to be as safe and secure as possible. In order to resolve vulnerabilities and "take action to protect patients through a coordinated disclosure process and security bulletins," the organisation also keeps an eye on the cybersecurity landscape.
In September, Medtronic provided instructions to consumers on how to disable the possibility of inadvertent insulin delivery by disabling the option to dose remotely using a different device.
The connection between the medical equipment and network, whether it uses WiFi or 5G, is the third cybersecurity concern. The risk of malware is rising as medical devices become increasingly networked; this concern is well-known in other industries and may soon affect the healthcare sector. Wong cited a 2014 incident in which Target exposed private customer data after installing a malware-infected HVAC system.
While there haven't been any reported cases involving medical equipment used at home, it may only be a matter of time, and older devices that aren't constantly updated are more vulnerable. Some hospital medical equipment is vulnerable to attack because of outdated operating systems. Unbeknownst to healthcare professionals, some medical imaging equipment, some of which have a lifespan of more than 20 years, are still using Windows 98 without any security updates. MRI scanners and X-ray machines have also occasionally been compromised in order to run crypto mining operations.
Control of gadgets
More guidelines and regulations regarding medical device security have been pushed for by lawmakers and professionals in the healthcare industry.
Senators presented the PATCH Act in April of last year to impose obligations on medical device manufacturers seeking FDA approval to adhere to cybersecurity standards and to maintain upgrades and security fixes. More recently, new medical device cybersecurity rules were added to the $1.65 trillion omnibus appropriations package that was passed at the end of 2022. The terms of the law, according to experts, are nonetheless relevant even though they do not go as far as the PATCH Act requirements.
An FDA representative told CNBC that the omnibus bill's new cybersecurity provisions mark a major improvement in the FDA's supervision of cybersecurity as a component of a medical device's safety and efficacy. Manufacturers will be required to implement procedures and plans to disclose vulnerabilities, among other requirements. Device makers must also promptly release updates and security patches for "critical vulnerabilities that present uncontrolled danger" to devices and connected systems.
How to exercise self-control as a buyer
Consumers debating whether or not to use such a device can start by checking the manufacturer's website for statements about cybersecurity and HIPAA compliance for the protection of their private health-care information. Doctors are increasingly prescribing glucose monitors and insulin pumps for both type 1 diabetes and the much more prevalent type 2 diabetes. They can also speak with their doctors about security, while cybersecurity experts claim that more needs to be done to raise awareness of these issues among medical professionals.
To be informed of security upgrades, users of medical devices connected to the internet should register with the manufacturer. Since so many devices these days have WiFi connectivity, practising basic cyber hygiene at home is essential. If sharing or downloading data, make sure the WiFi network is secured with a strong password, and use a strong username and password on the business website. Additionally, many customers are choosing to save all of their internet login details in a password manager. Make sure household PCs and phones are secure as well because gadgets can communicate with one another over WiFi.
0 Comments