New research suggests millions of lives could potentially be at risk due to the large number of security flaws in medical systems and the latest artificial pancreas.
Just a few weeks ago, a group of security researchers reported that drug infusion pumps used by hospitals around the nation are plagued with a severe vulnerability, allowing remote attackers to change pump dosage, run their own commands and successfully execute targeted attacks. New research regarding vulnerabilities in an artificial pancreas have been brought to light, largely due to the way it manages insulin to diabetics.
If vulnerable, the artificial pancreas could be altered to display incorrect insulin levels transmitted from the victims glucose monitor to their insulin pump. The insulin pump, which is a physical external device, wirelessly connects to the pancreas glucose monitor implanted within the body itself.
According to new research published by the journal Diabetes, Technology and Therapeutics, Dr. Yogish Kudva, alongside several other researchers were the first to analyze the artificial pancreas and how it handles cyberattacks. Kudva warned that companies need to evaluate the security of artificial organs with extreme care, and ensure the organ’s are safeguarded from external attacks. Not only the organs, but all the components alongside them that communicate wirelessly through the body.
“We wanted to make sure that this important aspect of the field was adequately addressed as we get ready at scaling up on our studies,” Dr. Kudva said, speaking on artificial organ security with ABC.
The artificial pancreas works by testing a person’s blood sugar with the glucose meter inside the body, communicating back with the insulin pump, telling the pump to either raise or lower their insulin dosage in real-time.
Kudva warned that his team identified the data sent through each device is not encrypted, allowing a hacker to possibly intercept data and alter insulin levels sent to the device, posing a huge threat to human health. Kudva said encrypted communication’s could hinder hackers ability at tampering with data sent between the pancreas.
“I think the most important issue to get security people more involved ,” Kudva said, “I don’t think there is enough security expertise at this time.”
Despite the lack of research within the artificial pancreas industry, security researchers and medical officials both agree proper security measures must be implemented into protecting the organ and it must offer some kind of warning mechanism in the event of a cyberattack. Some medical officials even said security researchers need to go to great lengths to secure the pancreas from remote attacks.
In one case, a medical official suggested the pancreas and its counterparts should sound an alarm when under attack. The medical official said the device would only notify the victim if there was a large increase or decrease in dosage, then requiring the patient to manually confirm or deny the influx in dosages.
One artificial pancreas is already in the private market and Kudva predicts the organ will be readily available to the public within the next three years but warned companies need to be transparent with security measures they have already taken, thus ensuring the pancreas is not vulnerable and all methods of exploit can be thoroughly vetted.
As artificial organs move towards a new market, security research cannot afford to have any blunders, one simple slip could cost not just one person, but potentially millions their lives.
Artificial organ hacking brings a new meaning to the term “human hacking.”