Information Security for IoT Devices Used in Anesthesia Care

The Internet of Things, or IoT, describes the billions of devices around the world that are connected to the internet, collecting and sharing data.¹ When devices join the wireless network, they gain a level of digital intelligence that enables them to communicate real-time data without human involvement.¹ Though almost any physical object can become an IoT device if it is connected to the internet, common examples of IoTs include lightbulbs or thermostats that can be adjusted by smartphones, smartwatches or even self-driving cars.¹ IoT generally includes objects that would not normally have an internet connection and can interact without human activity, so smartphones and computers are not considered IoT devices.¹ The IoT allows for interconnection of everyday things, data collection, product evaluation and more.¹ IoT is becoming more common in all industries, including medicine.² IoT-enabled medical devices allow patients and health professionals to interact with real-time data, thus informing individualized medical care.² Though IoT is useful in various medical specialties, it must be approached with caution given the potential for data breaches.³

Recently, medical practice has seen an upsurge of IoT devices. For example, a paper by Ranjbar et al. proposes the use of IoT for maintenance of medical equipment.⁴ According to the authors, IoT is necessary for adequate maintenance and management given the technological complexity of modern medical devices and economic issues with repair.⁴ Additionally, data collected from IoT could help reduce medical equipment downtime and allow for device-related research and improvement.⁴ Another paper by colleagues of Dr. Francesca Stradolini, a researcher and electrical engineer who has done extensive work in the development of IoT devices in medicine, approaches the idea of using smartwatches for intensive care monitoring.⁵ The authors suggest that clinicians wear a smartwatch wirelessly connected to bio-sensory platforms for multiple patients, allowing the clinician to move throughout the hospital while constantly monitoring patients.⁵ A recent study by Ushimaru et al. used IoT to record the behavior of forceps and electrocautery during laparoscopic cholecystectomy, allowing the surgical procedure to be “visualized.”⁶ According to all these authors, the ultimate integration of IoT into various medical contexts may improve patient care and safety.

IoT devices are particularly useful in anesthesiology. An article by Stradolini et al. proposes an IoT cloud-based network for anesthesia monitoring, which would allow an anesthesia provider to remain connected to multiple sedated patients via an Android app.⁷ This system was further delineated in a later article by Stradolini and her team, which validated the use of the Android app for simultaneously monitoring propofol and paracetamol in undiluted human serum over time.⁸ The architecture of Stradolini’s design includes putting patient data in a cloud, which allows for its distribution to the anesthesia provider.⁹ Stradolini et al. claim that this patient-cloud-clinician connection could be applied to numerous medical devices, allowing for patient monitoring in a variety of contexts.⁹

Yet these technological advances do not come without warnings. IoT devices have security flaws,¹⁰ and hackers may be able to gain access to data attached to IoT systems.³ Ransomware attacks, for example, are situations in which hackers steal information and force organizations to pay for it.³ Data security and integrity is essential to the health professions, which are governed by the Health Insurance Portability and Accountability Act (HIPAA) privacy and confidentiality rules.¹¹ Criminals can gain access to unprotected medical devices, allowing them to obtain personal and medical information and to even change the code controlling medicine provision or health data collection.¹² In anesthesia-related medical devices, hackers may alter gas composition, manipulate device times and silence alarms.^13,14 IoT in medicine is not a panacea, and devices must be properly secured to avoid data breaches or machine alterations.

Contemporary technology has brought IoT devices to medicine. Recent proposals state that IoT devices may lead to improved patient care, surgical techniques and vital signs monitoring. However, IoT devices may be hacked, causing data breaches and possibly life-threatening machine alterations. Future studies should focus on tightening security for IoT devices in medical care, including at-home care.

1.         Ranger S. What is the IoT? Everything you need to know about the Internet of Things right now. ZDNet August 21, 2018.

2.         Bringing the Internet of Things to healthcare. Verdict Medical Devices. September 3, 2018.

3.         Zahra SR, Chishti MA. RansomWare and Internet of Things: A New Security Nightmare. Paper presented at: 2019 9th International Conference on Cloud Computing, Data Science & Engineering (Confluence); 10-11 Jan. 2019, 2019.

4.         Ranjbar E, Sedehi RG, Rashidi M, Suratgar AA. Design of an IoT-Based System for Smart Maintenance of Medical Equipment. Paper presented at: 2019 3rd International Conference on Internet of Things and Applications (IoT); 17-18 April 2019, 2019.

5.         Stradolini F, Lavalle E, De Micheli G, Motto Ros P, Demarchi D, Carrara S. Paradigm-Shifting Players for IoT: Smart-Watches for Intensive Care Monitoring. Paper presented at: Wireless Mobile Communication and Healthcare; November 14–16, 2016; Cham.

6.         Ushimaru Y, Takahashi T, Souma Y, et al. Innovation in surgery/operating room driven by Internet of Things on medical devices. Surgical Endoscopy. 2019;33(10):3469–3477.

7.         Stradolini F, Tamburrano N, Modoux T, Tuoheti A, Demarchi D, Carrara S. IoT for Telemedicine Practices enabled by an Android™ Application with Cloud System Integration. Paper presented at: 2018 IEEE International Symposium on Circuits and Systems (ISCAS); May 27–30, 2018.

8.         Stradolini F, Tuoheti A, Kilic T, et al. An IoT Solution for Online Monitoring of Anesthetics in Human Serum Based on an Integrated Fluidic Bioelectronic System. IEEE Transactions on Biomedical Circuits and Systems. 2018;12(5):1056–1064.

9.         Stradolini F, Tamburrano N, Modoux T, Tuoheti A, Demarchi D, Carrara S. Live Demonstration: An IoT Cloud-Based Architecture for Anesthesia Monitoring. IEEE International Symposium on Circuits and Systems (ISCAS); May 27–30, 2018; Florence, Italy.

10.       Kim H-J, Chang H-S, Suh J-J, Shon T-s. A study on device security in IoT convergence. Paper presented at: 2016 International Conference on Industrial Engineering, Management Science and Application (ICIMSA); May 23–26, 2016.

11.       Office for Civil Rights (OCR). Summary of the HIPAA Privacy Rule. July 26, 2013; https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html.

12.       Khera M. Think Like a Hacker: Insights on the Latest Attack Vectors (and Security Controls) for Medical Device Applications. Journal of Diabetes Science and Technology. 2016;11(2):207–212.

13.       AT&T Tech Channel. 7/19/19 IoT Vulnerabilities Found in Anesthesia Devices | AT&T ThreatTraq. YouTube; July 19, 2019.

14.       Crothers B. GE anesthesia machines can be exposed to hackers: DHS. Fox News. Web: FOX News Network, LLC; July 11, 2019.