West Lafayette, Indiana - A Purdue University professor can speak on the recent insulin pump recalls, as warned by the U.S. Food and Drug Administration late last week.

The warning stated that the insulin pumps were recalled because they are vulnerable to wireless hacks. The U.S. Department of Homeland Security issued a similar warning in March for cardiac devices.

According to Shreyas Sen, a Purdue University professor specializing in smart device connectivity and security, unless newer medical devices come with encrypted wireless communication, the problem will continue.

“Even if these devices did have encrypted signals, they are still on a radio frequency that a hacker could detect 5 to 10 meters away from the medical device,” said Sen, an assistant professor of electrical and computer engineering.

Sen’s lab has addressed these issues with a prototype device that prevents medical device signals from radiating outwards. Instead, the signals are kept within the human body, effectively using a more secure “internet-of-body” to block remote hacks. This is made possible by facilitating medical device communication in the electro-quasistatic range, a much lower frequency than the traditional Bluetooth communication used by medical devices on the market.

While companies have acknowledged the importance of security, an ongoing challenge has been convincing both the consumer and the manufacturer that putting in the necessary security features is worth increasing the cost of the devices.

“Past research has shown that it could be 30 times more expensive for companies to fix security flaws than to incorporate these features in the first place,” Sen said. “More awareness about security could convince the consumer that the extra cost is worth it.”

In the short run, Sen recommends that companies update devices with a software-based encryption algorithm as a patch. Newer devices being deployed now could have both hardware- and software-based encryption. For further enhanced security, physically-secure communication techniques like Electro-Quasistatic Human Body Communication developed by Purdue researchers should be considered.

Sen leads the Sensing, Processing, Analytics and Radio Communication (SPARC) lab at Purdue, which is working with government and industry players to incorporate better security technology into current and upcoming medical devices.

Video of SPARC work is available at