It’s the nightmare scenario: A hacker who is able to remotely access your pacemaker — and shut it off.
Pacemakers are programmed via wireless connections with a computer. That reliance on wireless signals, however, leaves pacemakers vulnerable to attack by hackers, who could drain the device battery and turn off therapies.Dangers of M-commerce
 |
| You can keep all your sensitive data stored on our key fob and access it by plugging it into your smart phone |
But there’s a danger for any health care–related m-commerce: In Ponemon’s 2011 study, data breaches were shown to have increased 32 percent from 2010, with 96 percent of health care providers admitting to having experienced at least one data breach in the past two years. Unfortunately, the increase in breaches hasn’t led to more or better precautions. In fact, 49 percent of respondents said their organizations do nothing to protect mobile devices. Even the simple act of misplacing a mobile device can be reason for serious worry.
“Two million smart phones are lost every year,” Golden said in her symposium presentation. “If the health care provider's phone is lost, think of all the information that can be on it.” Patient information, such as Social Security numbers, addresses, and dates of birth, can enable thieves to fraudulently obtain medical care or to create fake insurance claims to collect the proceeds.
 |
| With a biometric scanner and encrypted PIN Pad, only you can access vital information |
Wireless transmissions can also be intercepted. Golden notes that in general, since the networks mobile devices use for transmission are less secure, information can become more susceptible to hackers or renegade health care employees. Even when security tools are enabled for mobile devices, they don’t guarantee protection.
“Even encrypted [information] can be unencrypted by people who know what they're doing,” Golden said. On the more extreme end of the spectrum, medical devices that use wireless signals could put patients’ lives at risk. For example, Golden and graduate student Ilya Dayter point to research during 2008 in which two independent groups showed how a defibrillator can be attacked wirelessly. Within inches of the device, a combination heart defibrillator and pacemaker, researchers were able to reprogram it to shut down and deliver potentially fatal jolts of electricity, according to the New York Times.
What’s more, in Las Vegas at the 2011 Black Hat Technical Security Conference, an information security event for industry professionals, then-senior threat intelligence analyst (and diabetic) Jerome Radcliffe showed how it was possible to take control of his insulin pump, which uses a special remote to administer his insulin, through an easily obtained USB device coupled with his ability to eavesdrop on computer traffic.
“He didn’t obviously show the total damage because he would kill himself, but he showed how easy it was to hack into one of the devices,” Dayter said in an interview following the health care symposium.
Dayter says that because implantable medical devices are so small, it is difficult to add additional security features to prevent such hackings. That said, there are no confirmed cases of patients being hacked to death — so far.
Follow ePayment News at http://twitter.com/ePINDebit
