Cyber risks in AI-powered healthcare wearables

Visit BSI's Experts Corner: Home for insights from BSI’s practice directors and industry experts on digital trust, environmental, health, safety, security, and sustainability.

April 19, 2023 - Wearable medical devices are innovating rapidly, and with that comes advancing tactics of cyber attackers. Wearables range from traditional, wrist-based consumer products to medical-grade devices such as implantable cardioverter defibrillators (ICDs) and smart patches, giving healthcare organizations remote access to real-time patient data.

The healthcare industry is increasingly reliant on cloud-connected wearable devices and artificial intelligence (AI) technologies to help store and process data exchanges between multiple stakeholders. In their recent Accelerating the adoption of connected health analysis, Deloitte forecasts that by 2027, wearable technologies will reduce hospital costs by 16%, and by 2037, the use of remote patient-monitoring devices is expected to save $200 billion.

Throughout 2023 and beyond, we anticipate that AI will transform wearable devices even further. This technology will collect larger sets of protected health information (PHI) and biometric data and increase data-processing power to enable health monitoring and the faster diagnosis of millions of people.

Cyber risks of AI in wearable devices

Though a breakthrough in patient care, healthcare providers must be aware of the cybersecurity risks associated with advances in AI technology and how to defend devices against potential attacks.

  • Data privacy breaches are extremely common in the healthcare sector. Onclave reports that 95% of identity theft comes from stolen healthcare records. With AI processing greater volumes of data, healthcare organizations should be mindful that the cyberattack surface is wider.
  • AI identifies patterns in patient data and can spot the onset of health complications such as cardiovascular disease or heart failure. If a cyber attacker manipulates this data from wearable sensors, it can lead to potentially fatal consequences. Furthermore, hackers can tamper with medical readings, leading to false diagnostics and medical prescriptions.
  • Healthcare wearables with AI are usually connected to other devices such as smartphones through wireless channels, including Wi-Fi and Bluetooth. If connections are weak, unauthorized access may be granted to hackers, leading to manipulated or stolen data.

Mitigating the possibility of a cyberattack in AI-enabled wearable devices requires implementing strong security measures such as multi-factor authentication (MFA) and data encryption. Cyber risks of healthcare devices will be the last concern for a patient undergoing treatment, making it more important to prioritize educating users on cyber risks at the point of adoption.

Innovating safely to protect people

Government regulations and reports are helping the healthcare sector adopt AI technology safely while prioritizing the well-being of patients. In 2021, the World Health Organization (WHO) released Ethics and governance of artificial intelligence for health, a report providing several principles as the basis for AI regulation and governance. At a national level, the UK’s Regulatory Horizons Council (RHC) recognizes the opportunities of AI and in response developed The Regulation of Artificial Intelligence as a Medical Device framework for ensuring the safe deployment of the technology in healthcare settings.

While it is clear that AI is enabling transformation across industries, its adoption in healthcare brings specific benefits to accelerating innovation in patient care while offering to enhance interoperability, trusted diagnoses, and improved efficiencies. AI offers many new frontiers for clinicians to quantify evaluation metrics, boost trust in their decision-making in digital health, and improve patient quality of life.

However, balancing innovation while protecting patient rights and privacy remains a barrier to broader healthcare consumer adoption. By taking a practical approach of embedding security and privacy controls to protect PHI and mitigate risk throughout the wearable product lifecycle design and development, the industry and clinicians will enable trust and ease uncertainty about whether their PHI is protected.

For more insights from Jeanne, read Digital trust in healthcare: Innovation vs protection. Learn more about digital trust in healthcare and how to improve quality, sustainability, and digital innovation here. Look out for the latest Digital Trust whitepaper: Supporting the healthcare ecosystem. For more insights on other digital trust, privacy, information security, and environmental, health, and safety topics that should be at the top of your organization's list, visit BSI's Experts Corner.