Docs should help design  medical IoT

Docs should help design medical IoT

Doctors - particularly the ones that work in emergency rooms – need to have strong stomachs and level heads, since they see illness and injury at their most serious. Violence, accidents and serious diseases are all a matter of routine in the ER.

Dr. Christian Dameff is a faculty member at UC San Diego’s medical school, has seen all of that and more, since he’s also a white-hat hacker and expert in medical IoT security. He warned the audience on Thursday at the Security of Things USA convention in San Diego that the state of that security is, frankly, alarming.

+ALSO ON NETWORK WORLD: Windows Server in the cloud: Can you, should you, and with which provider? + HPE gives up the battle for tier 1 data center customers

Technology is a central underpinning of all modern medical treatment, according to Dameff. Many younger doctors have never worked with paper charts, or written paper prescriptions, or looked at x-rays on a lightbox – it’s all digital.

“Software powers modern healthcare. It is as essential as antibiotics, x-rays and surgery combined.” he said. “Without our technical systems, doctors today are essentially helpless for taking care of strokes, heart attacks and traumas.”

There are two central issues, according to Dameff. Part of the problem is that the emphasis on security discussions in the medical field focus heavily on data security, mostly for regulatory reasons.

“When we talk about information security in healthcare, we talk about the HIPAA hammer,” he said, “because the fear of a HIPAA fine, and the fact that we have hundreds of data breaches every single year, has made this the focal point of your conversation.”

But a bigger issue is that the connected devices used to automate and speed up the tasks of care required by modern medicine are cripplingly, astonishingly vulnerable to compromise by outside agents.

The problem has existed for a long time, Dameff said, but the 2011 story of Jay Radcliffe, a diabetic security expert who discovered that a connected insulin pump he used was trivially easy to hack, helped bring the scale of the problem to the public’s attention.

“What surrounds the patient are dozens of wirelessly connected devices that are running legacy operating systems, that are unpatched, that have hard-coded credentials you can Google – that are controlling potent medications being infused into this patient that, if miscalculated or altered, can cause this patient to die. That is the state of modern healthcare IoT. We need to change it.”

Device makers need to work with doctors directly, Dameff argued, in order to usher in a newly holistic approach to the creation of medical IoT gear.

“Have them help you identify points of your product that, if it should fail, would result in patient harm, not just a compromise of their medical health information,” he said.”

Hacked hospitals

Nor are connected devices the only way that poor security affects hospitals. Aging, unpatched IT systems are vulnerable to a huge array of known hacks, and notorious attacks like WannaCry can knock whole systems full of hospitals with custom hardware offline.

For the everyday user, this is a headache, but for a healthcare provider, it’s a much more serious issue. Ransomware and denial of service kill people, Dameff stated, by inches – when the hospital’s systems are down, it hinders urgent care, so patients suffering from heart attacks or strokes have their treatment delayed by crucial minutes or even hours. That can mean permanent disability or death.

“We can’t take care of stroke patients without functioning CT scanners. We just can’t,” he said.

IDG Insider


«How to quickly and discreetly disable Face ID on the iPhone X


WD Blue 3D NAND SATA SSD review: One of the fastest TLC drives you can buy»
IDG Connect

IDG Connect tackles the tech stories that matter to you

Our Case Studies

IDG Connect delivers full creative solutions to meet all your demand generatlon needs. These cover the full scope of options, from customized content and lead delivery through to fully integrated campaigns.


Our Marketing Research

Our in-house analyst and editorial team create a range of insights for the global marketing community. These look at IT buying preferences, the latest soclal media trends and other zeitgeist topics.



Should the government regulate Artificial Intelligence?