The dangers of health monitoring devices in an aging population

Commonly used medical devices are at risk of being hacked and the data used for illegitimate purposes, new research suggests.

Given healthcare needs are expected to rise as the population ages, the research from Charles Darwin University demonstrates a critical need for internet-connected medical devices to become impenetrable.

CDU researchers hacked into three common medical devices: an oximeter which monitors blood oxygen saturation, a smartwatch, and a smart peak flow meter which measures airflow out of lungs.

The researchers aimed to explore the potential risks and vulnerabilities of these devices, which have become a critical part of the global healthcare system.

According to market research, it is estimated the market for these devices will grow from US$48.69 billion in 2021 to US$270.4 billion in 2029.

Study co-author Dr Bharanidharan Shanmugam, who is a lecturer in Information Technology at CDU’s Faculty of Science and Technology, said the team attacked each device using three different techniques.

The team successfully executed sniffing and jamming attacks on the oximeter and smartwatch.

“An oximeter sniffing attack involves intercepting and capturing data transmitted between the oximeter and monitoring systems or devices used by healthcare providers,” Shanmugam said.

“By intercepting communication channels, attackers can gain unauthorised access to sensitive patient data, such as oxygen saturation levels, heart rate readings and patient identifiers, leading to inaccuracies in patient monitoring and potentially incorrect clinical decisions.

“In smartwatches, sniffing attacks compromise user privacy by exposing confidential health information, such as heart rate, sleep patterns and activity levels, to unauthorised parties.

“A jamming attack disrupts the wireless communication between these devices and monitoring systems by interfering with radio frequency signals. It can result in a temporary or prolonged loss of data connectivity, preventing real-time monitoring. It can also delay timely medical interventions for critical care patients, which can cause healthcare providers to miss significant changes in a patient’s condition, increasing the risk of adverse outcomes or complications.

“Manufacturers must ensure the confidentiality, security and accessibility of the data collected,” Shanmugam said.

“This facilitates accurate health tracking, fosters user trust, and prompts timely medical consultations. As these technologies evolve and incorporate more sensors, the risk of attackers obtaining sensitive real-time data and profiling potential victims increases.”

Image credit: iStock.com/LeoWolfert