The growth of the Internet of Things (IoT) in remote monitoring and managing common health issues, particularly among diabetes patients, has been steadily advancing.
Approximately one in ten Americans, totaling 37 million people, live with diabetes.
Devices such as insulin pumps, dating back several decades, and continuous glucose monitors (CGMs), which monitor blood sugar levels around the clock, are increasingly linked to smartphones via Bluetooth.
his enhanced connectivity offers numerous benefits. Individuals with type 1 diabetes can achieve tighter control over their blood sugar levels by reviewing weeks of data on blood sugar and insulin dosing, facilitating the identification of trends and adjustment of doses.
In recent years, diabetes patients have become proficient in remote monitoring, with a community of do-it-yourself (DIY) patient-hackers modifying devices to better suit their medical needs, prompting the medical device industry to incorporate these insights.
However, the ability to monitor medical conditions via the internet also entails risks, including potential hacking threats.
While medical devices, which require FDA approval, adhere to stricter standards compared to fitness devices, safeguarding patient data and preventing unauthorized access to devices remains a concern.
The FDA has periodically issued warnings about the vulnerability of medical devices like insulin pumps to hacking attempts, leading to recalls due to security vulnerabilities.
For instance, in September, Medtronic issued a notice regarding its MiniMed 600 Series insulin pump, highlighting a potential issue that could permit unauthorized access, potentially resulting in incorrect insulin dosages.
The expansion of remote monitoring extends beyond diabetes. For conditions like sleep apnea, which affects an estimated 30 million Americans (and one billion people globally), continuous positive airway pressure (CPAP) machines can now store and transmit data to healthcare providers without necessitating an in-person visit.
The COVID-19 pandemic accelerated the adoption of internet-connected medical devices as lockdowns underscored the importance of treating patients at home.
Gregg Pessin, a senior director of research at Gartner, noted, “Virtual care visits rose, opening everyone’s eyes to home-based medical devices for remote patient monitoring.”
The steady sales of CGMs and insulin pumps have bolstered companies like Dexcom, Insulet, Medtronic, and Abbott Laboratories, with projections of continued growth.
Beyond the 37 million Americans with diabetes, an additional 96 million adults are estimated to be pre-diabetic.
Consequently, manufacturers are increasingly targeting type 2 diabetes patients, expanding the use of CGMs and insulin pumps beyond their traditional application for type 1 diabetes.
The cybersecurity risks associated with medical devices are categorized into three main areas by industry experts.
Firstly, there’s the risk to patient data, given that many devices require patients to create online accounts to access data, potentially including sensitive health information and personal details.
Secondly, there’s the risk of compromising the medical device itself, exemplified by concerns about hackers altering dosage settings in devices like Medtronic’s insulin pumps.
Finally, the connection between medical devices and networks (like WiFi or 5G) poses a malware risk, akin to vulnerabilities seen in other industries.
While there have been no known incidents of malware affecting medical devices at home to date, older devices lacking regular updates may be more vulnerable.
Hospitals have faced challenges with medical equipment running outdated operating systems, leaving devices susceptible to cyberattacks.
Legislation and healthcare leaders have been advocating for enhanced guidance and regulations concerning medical device security.
For instance, the recent omnibus appropriations bill included new cybersecurity requirements for medical devices, aiming to ensure manufacturers meet cybersecurity standards and promptly address vulnerabilities.
Consumers considering the use of IoT-connected medical devices are advised to check manufacturers’ websites for statements on cybersecurity and HIPAA compliance.
They can consult with their healthcare providers about device security and should register their devices to receive security updates from the manufacturer.
Adhering to basic cybersecurity practices at home, such as securing WiFi networks with strong passwords and using password managers, is also crucial to mitigate risks associated with interconnected medical devices.