personal information continue to incentivize criminal activities.
Although identifiable health information has special value on the open
market, digital health cybersecurity deserves enhanced scrutiny due to the
multi-dimensional nature of digital health threats. 49 The digital health
marketplace includes countless networked endpoints exposed to threats via
the open Web; hardware that monitors, explores, or alters the human body;
and highly sensitive biological, medical, and other health information. 50
Furthermore, efforts to improve convenience of treatment often involve
consumer mobile devices and home networks with unknown security
Security vulnerabilities have been identified since 1988, when the Morris
worm crashed thousands of machines causing millions of dollars in damage. 52
Since 1988, hackers have increasingly exploited system vulnerabilities
affecting millions of systems and devices using various attack types. 53
However, it took twenty years before researchers hacked the first medical
devices, hacking a pacemaker in 2008.54 Since that time, hacks have
progressed to include insulin pumps and other devices. 55 In 2014, the
Department of Homeland Security (DHS), the FBI, and the FDA began
issuing security alerts of known medical device vulnerabilities, and in 2015,
hackers began using medical devices as an entry point onto hospital networks
to access patient data by hacking Hospira’s PCA infusion drug pumps. 56 So
49. 2016 Threats Predictions, MCAFEE LABS 14, 33–34 (2016), http://www.mcafee.com/
50. Barbara L. Filkins et al., Privacy and Security in the Era of Digital Health: What
should Translational Researchers Know and Do about it?, 8 AM. J. TRANSL. RES. 1560, 1564
51. Pardeep Kumar & Hoon-Jae Lee, Security Issues in Healthcare Applications Using
Wireless Medical Sensor Networks: A Survey, 12 SENSORS 55, 59 (2012) (discussing how
transmitting wirelessly, which is included in many sensor technologies, can be subject to
eavesdropping during data transmission from device through a network to a recipient).
52.Cr aig Timberg, Net of Insecurity, WASH. POST (May 30, 2015), http://www.
washingtonpost.com/sf/business/2015/05/30/net-of-insecurity-part-1/ (explaining how the
Morris worm used the openness of the Internet to quickly spread malicious codes that crashed
thousands of machines, exploiting a security flaw believed to be corrected).
53. See Taylor Armerding, The 15 Worst Data Security Breaches of the 21st Century, CSO
ONLINE (Feb. 15, 2012, 7:00 AM), http://www.csoonline.com/article/2130877/data-
century.html?page= 2 (documenting major security breaches of the 21st century).
54. Medical Device Security, SYMANTEC 1 (2016), https://www.symantec.com/content/
56. Id.; Chris Brook, Vulnerability-Riddled Drug Pumps Open to Takeover, THREATPOST
(May 5, 2015, 2: 34 PM), https://threatpost.com/vulnerability-riddled-drug-pumps-open-to-
takeover/112629/; Michael Mezher, Cybersecurity Researcher: Recent Device Vulnerabilities
Should Be a Wake-Up Call to FDA, REG. AFF. PROFS. SOC’Y (Apr. 5, 2016), http://raps.org/