Hacking demo drives home complex reality of mHealth security

There are many frightening security scenarios in the healthcare industry, from having personal data stolen from your medical records to mistakes regarding needed medication in digital files.

But the fact that a hacker can alter a medication drip in an IV infusion pump nearly every surgical or hospital inpatient client is connected to may be one of the scariest--and deadliest--scenarios of them all. 

It doesn't require a great deal of coding or programming knowledge. Or, for that matter, time. A BlackBerry security researcher illustrated within 10 minutes during an event by the company how easy it is to hack a medical device. 

During the demo, BlackBerry Chief Security Office David Kleidermacher said "smart" hospital technology brings unintentional aspects. The tools can greatly help to improve patient outcomes, but also open another door for attack.

Now, of course, BlackBerry has an ulterior motive in presenting the scenario, they're in the enterprise device and system security business. But I believe the presentation was a fair and accurate portrayal of what's going in many healthcare organizations, and not because of staff slacking or a dismissive corporate nature. It's happening because security is getting highly complicated, and the industry is already facing some crushing realities regarding budgets, regulations and patient expectations.

And, as BlackBerry CEO Marty Beard noted during the event, it's not going to get any better, especially when it comes to machine-to-machine and medical sensor-to-medical app environments.

Why? Because connectivity between data and app is where there is true value in better patient care and treatment, as well as cost efficiency. The tradeoffs, however, are the inherent security issues.

As one panelist said during the event, the old days of doctor-patient interaction were extremely secure. It was face-to-face, and very easy as the data communication was verbal and in real-time. However, while that kind of treatment was secure, a great deal of valuable data was not within reach or being used to enhance care.

The question moving forward is how to attain the security of the "old days" while embracing the constantly evolving technology. The scenario is not a luxury any longer; it's a necessity. - Judy (@JudyMottl and @FierceHealthIT)