The Internet of Things Creates a New Level of Vulnerability

By Shawn Dougherty, May 12, 2014

I’ve carefully examined the future of medicine in the digital age, and, as is often the case, there’s good news and bad news. Which do you want first?

The good news is that online technology and the Internet of Things have revolutionized how healthcare is delivered today. Doctors examine patients online using high-definition video and smartphones. Wireless pacemakers alert physicians to their patients’ cardiac problems. Artificial pancreases monitor glucose levels and provide insulin to diabetics.

The bad news is that wireless technology has made medical equipment more susceptible to misuse. A chain of healthcare facilities in the Midwest recently discovered that equipment throughout the hospital could easily be hacked. Someone bent on hurting a patient could alter morphine or antibiotic dosages remotely or prevent a Bluetooth-enabled defibrillator from delivering shocks to a patient suffering a heart attack. In 2007, former Vice President Dick Cheney had the wireless feature of his implantable defibrillator disabled out of concern that it could be hacked by terrorists.

It would be great if common cybersecurity measures were the remedy — for example, make two strong passwords and issue a hospital-wide warning. But the reality is that no password is foolproof, and warnings are only heeded if they’re few and far between.

Perhaps medical equipment companies should take a page from the U.S. military. Last month, 60 Minutes reported that U.S. nuclear missile silos are controlled by computers that still use floppy disks. That might sound shocking in the era of cloud computing, but the commander interviewed in the story said the system is actually quite secure. He makes a good point. If the computers aren’t connected to the Internet, then they can’t be attacked by viruses, worms, and Trojan horses or taken hostage by someone or something else.

The challenge for healthcare providers and patients will be to evaluate whether the benefits of the Internet of Things outweigh the costs. Early detection during a heart attack can mean the difference between life and death. But putting wireless devices in hospitals — and in patients — potentially puts even more power in the hands of cyber attackers. The question really comes down to the individual. Most of us are more likely to suffer from disease than assassination, and the Internet of Things holds the prescription for a healthier future.

To learn more about cyber risk and cyber insurance, please e-mail me at sdougherty@iso.com. Also, make sure to follow me on Twitter @doughertyshawn.


Shawn Dougherty

Shawn Dougherty is the assistant vice president of ISO's Specialty Commercial Lines Division. He is responsible for providing the overall direction, leadership, and client service for ISO's cyber liability (e-commerce), D&O (management protection), businessowners, crime and fidelity, financial institutions, employment-related practices liability, and professional liability (other than medical) insurance programs. He is also the ISO product manager for the Lloyd's Wordings Repository, an electronic database of policy wordings and clauses regularly used within the London market. Mr. Dougherty has worked at ISO since 1988.