Don't Fall Victim to Murderous Medical Hackers

We now live in an age where a computer virus could hurt your body as much as a biological one.

If this seems far-fetched, you haven't paid attention to the news...

Two weeks ago, the latest warning involved a vulnerability in several models of insulin pumps from Medtronic. This software weakness means hackers could interfere with the insulin pump. In other words, a total stranger could "hack" your pump and cut off your lifesaving medication.

What's more, this comes just a few months after Medtronic issued a statement that there's also a vulnerability in some of its pacemakers.

You don't need to worry about some faceless hacker stopping your heart... at least, not yet.

For the latest warning regarding insulin pumps, the Food and Drug Administration (FDA) recommends swapping your model for a different one. Medtronic even recalled the MiniMed 508 model as well as 10 different MiniMed Paradigm models. (You can find the full list here.)

As for the defibrillators, there's no solution. The problem is that the system used to transmit the data has no authentication or authorization process.

Longtime readers know I always recommend two-factor authentication for all online accounts. Looks like Medtronic should be reading Health & Wealth Bulletin.

The good news is that no hacks have been reported yet. And with the news of this finding, security measures should be put into place.

But it's not just insulin pumps and defibrillators at risk.

There's a growing number of other connected medical devices. These include a Bluetooth-enabled blood pressure monitor, asthma inhalers, and even wearable health trackers like Apple's smartwatch. That means plenty of opportunities for hackers to, at best, steal our health data... and at worst, kill us.

And it's not just devices... In 2014, a hacker took down the Internet at a children's hospital in Boston.

So, if you're using any type of electronic medical device – or if you're spending time in the hospital for any reason – be sure to ask the following:

  • Does my device use radio waves to transmit data?
  • Is there anything I should do to update the software (if possible)?
  • How does your practice or hospital handle cybersecurity threats? 

For folks with insulin pumps, for example, there's often a USB connector that allows you to plug part of the device into a computer. From there, you can download your data and share it with your doctor.

That leaves you open to any viruses that could also come through your computer. That's why you should always take extra precautions to protect yourself.

Whether you have devices like these or not, chances are your health care provider will start moving more to connected devices and monitors. You likely already have an electronic platform for your health records, too.

That's why it's vital to protect your health by protecting your devices and your data.

As I mentioned earlier, the two-factor authentication process offered by many websites and online accounts is a great way to protect yourself. It requires you to enter not just a password, but a code sent separately to your cellphone or e-mail address.

Another good habit is to always check for updates to your software and any antivirus programs you have.

For devices that connect directly to the computer (like an insulin pump that includes a USB to plug into a computer), only connect at your doctor's office or at home.

Also, don't shop around for devices. Only use those recommended by your doctor or a reputable medical provider.

And look into stepping up your Internet connection. Every computer connects to the Internet through an Internet protocol (IP) address. IP addresses can pinpoint your physical location. They also show which Internet service provider you use.

If you want to eliminate others' ability to know this information, you can use a decentralized network called a "proxy" IP address. You can also use a VPN (virtual private network), or a P2P (peer-to-peer) network. Each has its own strengths and weaknesses. For example, a proxy may be faster, but a VPN may ensure a greater degree of anonymity. (You can learn more about these here.)

Finally, one last step to take... invest in quality virus and malware protection. Even when you use precautions online, sometimes you can still pick up bad stuff. I'm talking about computer viruses and malware, which is software that attacks your computer and can steal data.

You don't have to pay an outrageous fee for protection. Some great products out there offer free versions. Your Internet provider may offer a customer discount for others.

PC Magazine rates the top antivirus software programs every year. The latest version, published in February 2019, includes four editors' choice programs:

  • BitDefender
  • Kaspersky
  • Webroot
  • McAfee 

You can read the full ranking (and the lab tests behind it) right here. The review includes which products also fight malware.

Following these six steps is a great start to keeping you and your medical devices safe. And remember, it's good practice to follow these tips even if you don't have a device – the growing number of hacks will only keep expanding. It's better to proactively protect yourself instead of dealing with a dangerous – and possibly deadly – attack.

What We're Reading...

Here's to our health, wealth, and a great retirement,

Dr. David Eifrig and the Health & Wealth Bulletin Research Team
July 11, 2019