Digitally connected health devices such as pacemakers and MRI scanners in an Internet of Things (IoT) era can be fatal as hackers can exploit such devices and harm patients, the Royal Academy of Engineering has warned.
In two new reports published by the Royal Academy of Engineering and the PETRAS Internet of Things research hub late on Wednesday, security experts said that cyber attacks on connected health devices are of increasing concern as they could have severe consequences on patient safety.
“Ever greater numbers of health devices have been identified as being potentially at risk, including pacemakers and MRI scanners,” the experts cautioned.
The reports highlighted that digitally connected systems need to be designed with safety and resilience in mind to minimise future risk.
They could be vulnerable both to cyber attacks and non-malicious events such as natural hazards or the failure of components and the impact can be increased where systems are interdependent.
“The reports identify some of the measures needed to strengthen the safety and resilience of all connected systems, particularly the critical infrastructure on which much of our society now depends,” said Professor Nick Jennings, a fellow of the RAENG and Vice Provost at Imperial College London and lead author of one of the reports.
“We cannot totally avoid failures or attacks, but we can design systems that are highly resilient and will recover quickly,”
As the number of IoT devices increases in homes, workplaces and public spaces, the studies considered the potential for more aspects of people’s lives to be observed.
IoT devices can violate norms of private space – for IoT systems that control or process personal data, there may also be privacy threats from data sharing.
The reports recommend that the evolving nature of the challenges will require continual responsiveness and agility by government, regulators, organisations and their supply chains.
“There is no silver bullet for improving cyber security and resilience, we call on organisations to demand that products are “secure by default,'” the reports stressed.
“There is no going back on the Internet of Things, it is here to stay and offers many new capabilities. We should embrace it with a strategy that goes beyond IoT towards the ‘Internet of Everything’, with a greater focus on people, data and processes,” added Paul Taylor, UK Lead Partner-Cyber Security at KPMG.