Health monitoring devices at risk of being hacked, study shows

Billions of people around the world are using internet-connected medical devices to monitor their health, but could be putting themselves at risk of hackers using their data for unhealthy reasons according to a new cybersecurity study. 

Charles Darwin University (CDU) researchers hacked into three common medical devices: an oximeter which monitors blood oxygen saturation, a smartwatch, and a smart peak flow meter which measures airflow out of lungs. 

The researchers aimed to explore the potential risks and vulnerabilities of these devices, which have become a critical part of the global healthcare system. 

According to market research, it is estimated the market for these devices will grow from USD $48.69 billion in 2021 to USD $270.4 billion in 2029.

Study co-author Dr Bharanidharan Shanmugam, who is a Lecturer in Information Technology at CDU’s Faculty of Science and Technology, said the team attacked each device using three different techniques.

 

The team successfully executed sniffing and jamming attacks on the oximeter and smartwatch.

“An oximeter sniffing attack involves intercepting and capturing data transmitted between the oximeter and monitoring systems or devices used by healthcare providers,” Dr Shanmugam said.

“By intercepting communication channels, attackers can gain unauthorized access to sensitive patient data, such as oxygen saturation levels, heart rate readings, and patient identifiers, leading to inaccuracies in patient monitoring and potentially incorrect clinical decisions.

“In smartwatches, sniffing attacks compromise user privacy by exposing confidential health information, such as heart rate, sleep patterns, and activity levels, to unauthorized parties.

“A jamming attack disrupts the wireless communication between these devices and monitoring systems by interfering with radio frequency signals. It can result in a temporary or prolonged loss of data connectivity, preventing real-time monitoring. It can also delay timely medical interventions for critical care patients, which can cause healthcare providers to miss significant changes in a patient’s condition, increasing the risk of adverse outcomes or complications.”

Dr Shanmugam said given healthcare needs are expected to rise as the population ages, it was critical for internet-connected medical devices to become impenetrable. 

“Manufacturers must ensure the confidentiality, security, and accessibility of the data collected,” Dr Shanmugam said. 

“This facilitates accurate health tracking, fosters user trust, and prompts timely medical consultations. As these technologies evolve and incorporate more sensors, the risk of attackers obtaining sensitive real-time data and profiling potential victims increases.”