Real-time Patient Monitoring and Treatment Service

 

KN Pilot


This pilot scenario involves the remote monitoring and potential emergency treatment of patients in real-time. Inside the Klinikum Nuremberg in Germany, various important IT systems may store and process medical data (e.g. Electronic Health Record (EHR)/Electronic Medical Record (EMR)). To automatically collect and process these data, various medical devices and instruments are connected, through wired or wireless communications, with the EHR/EMR systems. For example, smart insertable cardiac monitoring devices may be connected to automatically provide doctors with patient data, or they may be used by nurses to note the daily treatment/medication received by a patient. Also, medical instruments such as medical radiation devices can be connected to EHR/EMR IT systems to assist doctors during medical treatment. Other IT equipment may involve secondary services such as access to the internet.

Outside the hospital, various medical IoT technologies can also be used to extend the provided medical services. For example, Implantable and Wearable Medical Devices (IMD/WMD) can be used to monitor patient data and also to remotely treat a patient in emergency situations, such as injecting insulin when the sensed data indicates that this is urgent. The IMD/WMD devices may be controlled by home monitoring or programming devices, which communicate with the IMD/WMD using short-range wireless communication protocols, while they communicate with the in-hospital EHR/EMR IT systems using Internet access.

Attacks:
  • Hospital side
    EHR/EMR IT and file systems are targets for ransomware attacks due to their importance for all medical data and services. Privacy loss is also highly important due to privacy regulations. Internet-connected medical devices are an easy entry point for hackers due to their low security, allowing the attacker to access and attack IT systems or extract sensitive data.
  • User side
    Vulnerable wireless communications can be used to attack the medical service and even cause physical damage to a patient (e.g. replaying or manipulating commands at the API used by the IMD/WMD devices, or injecting commands that may change the dosage of an insulin pump, thus directly affecting the health of the patient).
