You are here
Medical device cyber security: consumer information
Learn about medical device cyber security and keep your personal health information safe.
You may have noticed that some medical devices connect to the internet or your mobile phone. They might even send information to other people such as your doctor or the company that made the device.
These features, enabled by digital technology, aim to make your devices more useful.
They can help you:
- control the device
- track your health at home
- share information that your doctor might use to diagnose or treat you.
Some examples of medical devices with digital technology include:
- apps on your smartphone that allow you to record information
- implanted devices that can be remotely controlled, such as cardiac pacemakers
- smartphone-controlled hearing aids
- continuous positive airway pressure (CPAP) machines (for sleep apnoea).
Questions about your device
When you buy or get a medical device, you need to understand the cybersecurity risks.
Depending on the question, either your doctor or medical device manufacturer can help.
In relation to cyber security, questions to ask could include:
- What are the cyber security risks associated with use of my device?
- What are the default security settings?
- What happens to the security of the device if I change the default settings?
- When and how does this device connect to the internet? Including home WiFi, mobile networks, and public WiFi.
- Who has access to the information on my device or smartphone? Where does it go?
- How can I tell if a device has been hacked or compromised and who should I talk to if this is suspected?
- What do I need to do to maintain the device (updates)?
- Do I need to check any settings on the smartphone? For example, password settings and connectivity settings.
Cyber security problem or incident
Smartphone, computer, or tablet
If the cyber security problem is with the operating system of your smartphone, computer, or tablet, or, a specific app, you will usually receive an alert from the manufacturer. They may ask you to update software or change your password etc.
Dedicated medical device with digital connectivity (digital glucose monitor)
Follow the manufacturer's instructions if you become aware of a cyber security issue with your medical device.
Talk to your doctor if you're worried about how your cyber security issue will affect your health.
Secure your medical device
Follow the instructions
You should always read the information provided with your medical device.
This includes its:
- instructions for safe use and maintenance
- its intended purpose
- any limitations associated with its use.
Talk to your doctor if you've lost or don't understand the instructions.
Protect your device
Make sure your connected medical devices are updated with the latest software. This is to ensure that the device remains as cyber-secure as possible in the event of new cyber security issues. You can get the latest updates from your doctor or the device manufacturer.
Be careful when away from home
Always be careful when using your medical device outside your home environment. If possible, avoid connecting to public networks that can be accessed by many people.
Don't send or receive sensitive information if you have to connect to a public network.
The password that comes with your medical device may not be strong enough. To improve your protection, change from a password to a hard-to-guess passphrase.
The Australian Government recommends that passphrases be made up of at least four words. Read more about how to create secure passphrases on the cyber.gov.au website.
The passphrase is a phrase that's easy for you to remember, but hard for someone else to guess. Avoid reusing the same passphrase.
Turn off features that you do not use
Your device might have some communicating capabilities that you don’t always use or need. An example is a Bluetooth capability that automatically allows your device to connect to your computer or a nearby WiFi network.
If you do not use this feature or only use it sometimes, you should turn the feature off when not needed. You should speak to your doctor before turning off any features.
Secure your digital environment
Secure your computing devices
Using security features on your computing devices is important. These security features include:
- the use of a passphrase or pin to unlock the device
- making sure that your devices have current security software
- keeping your software updated when prompted by your device.
Using the internet on your personal computer devices can affect the security of your network. The same network can affect your medical device.
Backups and protection
We all store a lot of precious data on our computers, such as photos and important documents. Your medical device might also be storing valuable data for your healthcare.
Creating backups of your data can help you recover it if something does go wrong. This involves creating an extra copy of your data on a storage device. This could be a USB or external hard drive, or to a reputable online cloud service.
Be cyber smart
Think about what kind of information you're sharing, and why someone needs it.
- Consider if the people you are giving your data to are trustworthy.
- How will sharing your data affect your security?
- What benefit will you receive by sharing your data?
You might share information when you use your medical device with a health professional or the company that makes the device.
If medical devices do this automatically, it should be disclosed in the user manual or other instructions for use. If not, ask your doctor or the manufacturer of your device.
You may want to share information online with people who have similar health conditions. Think before you share this kind of information. It could compromise your privacy, safety, or cyber security.
Sometimes your doctor will communicate with you via an electronic message.
Hackers might try to replicate this messaging to obtain your information directly. They might try to get you to click on a link that could take you to a malicious website.
Before acting on any information in a message, make sure it's from a trusted source. If in doubt, do not respond. Contact you doctor or the medical device manufacturer.
Some webpages can be unsafe and can affect your computer just by visiting them.
- minimise visits to unknown websites
- look for the padlock symbol
- or 'https' in the browser address.