
Cybersecurity Considerations for Connected Medical Devices and the “Internet of Medical Things”


Advancements in technology over the past few decades have led to the development of devices capable of connecting to one another via networks such as Wi-Fi and Bluetooth, allowing them to create, transmit and receive data between one another. Medical technology (Medtech) companies have utilised these features to develop connected medical devices. These devices can transmit patient data such as heart rate, blood glucose levels and sleep patterns, which can be monitored by healthcare professionals and clinical trials companies, allowing for accurate remote oversight of a patient’s condition for quick and accurate diagnoses and treatment from anywhere.

The existence of connected medical devices has led to the Internet of Medical Things (IoMT), the connected network of health systems and services able to produce, transmit and analyse clinical data, which is changing the shape of healthcare and clinical trials globally.

Despite the clear potential of the IoMT in the healthcare system, several factors affect the development of connected medical devices and their uptake by the public. These include worries regarding the security of private clinical data in the light of cybersecurity attacks over the past decade, and the subsequent data protection regulations put in place to prevent further leaks, with their potential impact on future innovations in the medtech industry.

Connected Medical Devices and the Internet of Medical Things (IoMT)

There are over 500,000 connected medical devices (CMDs) currently on the market (1), which can be split into three key groups: stationary medical devices typically found in hospitals, such as CT and MRI scanners; implanted medical devices, such as pacemakers and defibrillators, which monitor a patient’s condition more closely; and wearable medical devices, such as insulin pumps and smartwatches that track patient activity (1). Many technology companies, including those which wouldn’t be classified as Medtech (Apple, Nike, Huawei), produce smart devices that generate data on user activity such as exercise, heart rate and quality of sleep. In November 2021, the FDA authorised the first prescription-use VR system for chronic lower back pain, further highlighting the increasing opportunities for CMDs in healthcare (2). Artificial intelligence (AI) and machine learning (ML) algorithms can also be classed under CMDs, capable of automated learning using neural networks to search and analyse data much faster (3). These AI systems are commonly used to search for novel patterns in data, to diagnose and predict outcomes, and to optimise patient treatments, and are commonly used in clinical trials (3).

These devices, the data they produce and the development of software capable of compiling and analysing this data have led to the creation of the Internet of Medical Things (IoMT), which has the potential to revolutionise healthcare (1). IoMT allows healthcare professionals to monitor patients in real time from anywhere, increasing the speed and accuracy of diagnoses and treatment. General uptake of IoMT in healthcare may improve disease and drug management, leading to better patient outcomes and decreased costs to healthcare providers.

Medical Devices and Clinical Trials

CMDs have allowed for hybrid and decentralised clinical trials (DCTs), in which trials take place remotely from patients’ homes and during their daily lives instead of on a trial site. The prevalence of DCTs has increased significantly since the start of the COVID-19 pandemic, in which patient access to clinical trials was reduced by 80% and monthly trial starts decreased by 50% (4).

DCTs allow patients to take part who would usually be unable to participate due to geographical or time limitations, while reducing time spent on-site. According to a study by CISCRP, 60% of patients see the location and time spent in a clinical site as important factors when considering clinical trials (5). CMDs can include telemedicines, smartphone apps and AI capable of analysing patient data. As a result of this, there has been ~34% annual compound growth of CMD use in clinical trials (6). These benefits are best portrayed by the significant growth in the IoMT market, which is expected to grow from ~$31 billion in 2021 to a predicted ~$188 billion in 2028 (7), with CMDs and wearable smart devices increasingly used in the home as well as healthcare institutions.

Cybersecurity Issues

Despite the advantages of the IoMT, the adoption of CMDs is hampered by concerns regarding the security of clinical data stored in the cloud, instead of traditional medical records stored on paper or in internal servers which are less susceptible to being leaked. IoMT devices are vulnerable to many types of attack which can interfere with patient monitoring and care. Examples of these include eavesdropping, in which an attacker gains access to private medical records which can then be used to unlock the CMD, gaining further access to unauthorised data and allowing them to tamper with private medical records (8). While the common aim of these attacks is to sell this data to a third party, attacks on IoMT devices could include changing medical data leading to improper diagnoses of patients, the prescription of medication leading to an allergic response, and inaccurate monitoring of medical conditions which would impact patient welfare and have potentially significant financial impacts (8).

There have been many instances of attacks on large technology companies in recent years. Fitbit, one of the largest producers of wearable activity tracking watches, has been revealed to be vulnerable to data leakage via network connection (9), and the Nike+ Fuelband is prone to attack due to its USB connector (10). Technology companies such as Huawei, Xiaomi and Jawbone have suffered data leaks (9).

These incidents have negatively impacted public trust in CMDs collecting medical data, with people typically not wishing to share medical information with non-NHS businesses for reasons other than direct care. While trust was shown to increase after a deliberative workshop, it remained low (<50%) (11). As shown here, public distrust towards CMDs amid cybersecurity scandals will halt the potential growth of IoMT and its applications in healthcare.

CMDs and IoMT provide a promising avenue for quick, efficient diagnoses and treatment of a variety of conditions and allow for DCTs, which increase the number of willing participants and allow for accurate remote monitoring of conditions. However, cybersecurity issues halt the progress and uptake of CMDs due to public distrust and misuse of the technology by cyber attackers. Unfortunately, cybersecurity issues can typically only be addressed after the incident occurs; however, updates to UK regulations regarding CMDs will help prevent future attacks and data leaks.


1) Deloitte – Medtech and the Internet of Medical Things [Internet] 2018 – Available from: https://www2.deloitte.com/global/en/pages/life-sciences-and-healthcare/articles/medtech-internet-of-medical-things.html

2) Sato T, Ishimaru H, Takata T, Sasaki H, Shikano M. Application of Internet of Medical/Health Things to Decentralized Clinical Trials: Development Status and Regulatory Considerations. Frontiers in Medicine. 2022;9. – Available from: https://doi.org/10.3389%2Ffmed.2022.903188

3) Angus DC. Randomized clinical trials of artificial intelligence. JAMA. 2020 Mar 17;323(11):1043-5. – Available from: doi:10.1001/jama.2020.1039

4) McKinsey & Company – No place like home? Stepping up the decentralization of clinical trials [Internet] 2021 – Available from: https://www.mckinsey.com/industries/life-sciences/our-insights/no-place-like-home-stepping-up-the-decentralization-of-clinical-trials

5) Anderson A, Borfitz D, Getz K. Global public attitudes about clinical research and patient experiences with clinical trials. JAMA Network Open. 2018 Oct 5;1(6):e182969-. – Available from: doi:10.1001/jamanetworkopen.2018.2969

6) Marra C, Chen JL, Coravos A, Stern AD. Quantifying the use of connected digital products in clinical research. NPJ Digital Medicine. 2020 Apr 3;3(1):1-5. – Available from: https://doi.org/10.1038/s41746-020-0259-x

7) Fortune Business Insights – Internet of Medical Things (IoMT) Market [Internet] – Available from: https://www.fortunebusinessinsights.com/industry-reports/internet-of-medical-things-iomt-market-101844

8) Hasan MK, Ghazal TM, Saeed RA, Pandey B, Gohel H, Eshmawi AA, Abdel‐Khalek S, Alkhassawneh HM. A review on security threats, vulnerabilities, and counter measures of 5G enabled Internet‐of‐Medical‐Things. IET Communications. 2022 Mar;16(5):421-32. – Available from: https://doi.org/10.1049/cmu2.12301

9) Jiang D, Shi G. Research on data security and privacy protection of wearable equipment in healthcare. Journal of Healthcare Engineering. 2021 Feb 5;2021. – Available from: https://doi.org/10.1155/2021/6656204

10) Arias O, Wurm J, Hoang K, Jin Y. Privacy and security in internet of things and wearable devices. IEEE Transactions on Multi-Scale Computing Systems. 2015 Nov 6;1(2):99-109. – Available from: doi:10.1109/TMSCS.2015.2498605

11) Chico V, Hunn A, Taylor M. Public views on sharing anonymised patient-level data where there is a mixed public and private benefit. NHS Health Research Authority, University of Sheffield School of Law. 2019 Sep. – Available from: https://s3.eu-west-2.amazonaws.com/www.hra.nhs.uk/media/documents/Sharing_anonymised_patient-level_data_where_there_is_a_mixed_public_and_privat_Pab71UW.pdf
