Personal health data collected by medical devices could be at risk from malicious hackers, potentially leading to poor clinical decisions, new research has found.
Internet-connected medical devices such as smartwatches are used by billions of people around the world, but a new cybersecurity study from Charles Darwin University found they might not be as secure as people think.
The team of researchers hacked into three common medical devices: an oximeter, which monitors blood oxygen saturation; a smartwatch; and a smart peak flow meter, which measures airflow out of the lungs.
They set out to discover the potential risks and vulnerabilities of these devices by using three different hacking techniques.
Study co-author Dr Bharanidharan Shanmugam, lecturer in information technology at the university’s Faculty of Science and Technology, said the team successfully executed sniffing and jamming attacks on the oximeter and smartwatch.
“An oximeter sniffing attack involves intercepting and capturing data transmitted between the oximeter and monitoring systems or devices used by healthcare providers,” he said.
“By intercepting communication channels, attackers can gain unauthorised access to sensitive patient data, such as oxygen saturation levels, heart rate readings, and patient identifiers, leading to inaccuracies in patient monitoring and potentially incorrect clinical decisions.
“In smartwatches, sniffing attacks compromise user privacy by exposing confidential health information, such as heart rate, sleep patterns, and activity levels, to unauthorised parties.
“A jamming attack disrupts the wireless communication between these devices and monitoring systems by interfering with radio frequency signals. It can result in a temporary or prolonged loss of data connectivity, preventing real-time monitoring.
“It can also delay timely medical interventions for critical care patients, which can cause healthcare providers to miss significant changes in a patient’s condition, increasing the risk of adverse outcomes or complications.”
Medical devices have become a critical part of the global healthcare system, particularly as telehealth and other digital solutions to healthcare needs become more widely available.
During the COVID-19 pandemic, for example, sales of oximeters surged as people looked to manage their infections at home. The Royal Australian College of GPs suggested using the devices, which might be provided by a GP, hospital or other care provider, to measure levels of oxygen in the bloodstream while isolating with the virus.
Meanwhile, smartwatches are becoming an increasingly popular way for consumers to monitor their own health. A 2023 market study found 36% of Australians own a smartwatch, a 4% rise from the previous year.
It is estimated the market for medical devices will grow from $74 billion AUD in 2021 to $412 billion AUD in 2029.
Dr Shanmugam said that, given healthcare needs are expected to rise as the population ages, it was critical for internet-connected medical devices to become impenetrable.
“This facilitates accurate health tracking, fosters user trust, and prompts timely medical consultations,” he added.
“As these technologies evolve and incorporate more sensors, the risk of attackers obtaining sensitive real-time data and profiling potential victims increases.”