Hacked medical devices expose billion-dollar security risk

Researchers have hacked into medical devices, such as oximeters, to highlight security issues. | Photo: Fresh Splash (iStock)

A team of Australian researchers have hacked into a range of medical devices to expose the vulnerabilities in the multi-billion-dollar market.

Scientists from Charles Darwin University (CDU), in the Northern Territory, hacked into three common medical devices: an oximeter which monitors blood oxygen saturation, a smartwatch, and a smart peak flow meter which measures airflow out of the lungs.

Study co-author Dr Bharanidharan Shanmugam said billions of people around the world were using internet-connected medical devices to monitor their health, but could be putting themselves at risk of hackers using their data.

Dr Shanmugam said the researchers aimed to explore the potential risks and vulnerabilities of these devices, which had become a critical part of the global healthcare system.

“According to market research, it is estimated the market for these devices will grow from USD$48.69 billion in 2021 to USD$270.4 billion in 2029,” he said.

Dr Shanmugam said the team attacked the devices using different techniques.

He said the team successfully executed sniffing and jamming attacks on the oximeter and smartwatch.

“An oximeter sniffing attack involves intercepting and capturing data transmitted between the oximeter and monitoring systems or devices used by healthcare providers,” Dr Shanmugam said.

“By intercepting communication channels, attackers can gain unauthorized access to sensitive patient data, such as oxygen saturation levels, heart rate readings, and patient identifiers, leading to inaccuracies in patient monitoring and potentially incorrect clinical decisions.

“In smartwatches, sniffing attacks compromise user privacy by exposing confidential health information, such as heart rate, sleep patterns, and activity levels, to unauthorized parties.”

Dr Shanmugam said a jamming attack disrupted the wireless communication between the devices and monitoring systems by interfering with radio frequency signals.

“It can result in a temporary or prolonged loss of data connectivity, preventing real-time monitoring.

“It can also delay timely medical interventions for critical care patients, which can cause healthcare providers to miss significant changes in a patient’s condition, increasing the risk of adverse outcomes or complications.”

Dr Shanmugam said given healthcare needs were expected to rise as the population aged, it was critical for internet-connected medical devices to become impenetrable.

“Manufacturers must ensure the confidentiality, security, and accessibility of the data collected,” he said.

Read the full study: Risk Evaluation and Attack Detection in Heterogeneous IoMT Devices Using Hybrid Fuzzy Logic Analytical Approach.