The key points explored at the ongoing RSA 2018 included situations to which medical practitioners aren’t trained to deal with. Such as someone hacking a medicine pump and modifying doses leading to overdosing of a particular medicine.
At the conference, doctors also simulated a medical emergency situation to test the diagnosis skills and decision-making proficiency of a doctor in worst-case scenarios like the one mentioned above. Unsurprisingly, the doctor took considerable time in realizing that the emergency was caused by a malfunctioning of a medicine pump.
Doctors Jeff Tully and Christian Darneff, both Pheonix graduates and having the hacking background, hosted the RSA session, which was held on Thursday. Darneff is an emergency physician and University of California San Diego’s clinical informatics fellow while Tully is an anesthesiologist and pediatrician at the University of California, Davis.
A University of California, Davis, physician, and toxicologist Dr. Kim Kwai was tested at the conference and wasn’t briefed about the fictional patient or the issue at hand as well as the course of the event beforehand. A fictional 60-year old male served as Kwai’s patient, played by a cyber-safety innovation fellow at the Atlantic Council, Beau Woods.
Woods complained about feeling chest pains for a week and was presented with rapid heartbeat, also called atrial fibrillation. Dr. Kwai asked the patient some questions and ordered her medical team to administer Cardizem IV drip to treat Afib.
Initially, the patient showed reasonably good chest x-ray and bloodwork but soon after he complained of lightheadedness and lost consciousness after which his heart stopped beating. The patient was replaced with a dummy upon which Kwai’s team performed CPR.
Dr. Kwai couldn’t understand the reason behind patient experiencing cardiac arrest and that’s when Tully explained that the whole bag of Cardizen had been emptied to make her realize that the medicine pump was compromised.
The issue was diagnosed as calcium channel block overdose. In order to treat the patient, insulin was immediately ordered.
After the simulation, Kwai explained about the experience: “Being alerted that the entire bag was empty kind of made me think of a pump malfunction, maybe. I have never really thought to look at the bag. In fact, I was not looking at the bag.”
Dr. Kwai pledged to remain alert from now on.
Although the patient survived in this simulated scenario, what would have happened if this was a real-life situation? It would be difficult to notice the empty bag soon enough and by the time doctor noticed it would have been too late to save the patient.
Pacemaker, Insulin Pumps And Defibrillators All Vulnerable
Moreover, hackers can easily compromise all types of devices including pacemakers, insulin pumps, defibrillators and similar personal medical devices that are connected to the online network, which would definitely put patients’ lives in danger.
That’s because hackers can control the signals sent and received by these devices and then can perform a variety of notorious tasks. Such as, they can potentially affect the stock prices of the manufacturer, ask for ransom from the hospital, medical supplier or the individual and may even choose to harm the patient physically.
And, how can we overlook the fact that the three mainstream US-based medical devices manufacturers namely Medtronic, St. Jude Medical (Abbott) and Boston Scientific already have been issued warnings for their devices.
University of Arizona’s associate professor and a specialist at the Association of Health Care Journalists conference in Phoenix, Roman Lysecky, referred to medical-device compromising as a looming threat. Lysecky explained his fears:
“My biggest concern is that we won’t see a dramatic change until we have a cataclysmic event, a device that’s actually attacked that would kill a patient. I fear that that might be what ends up causing a real change in the community. I’d like to see it not come to that.”