Robots Used In Long-Distance Surgery Can Easily Be Hacked

Telemedical security could really use a facelift

In 2001, a doctor in New York completed what may seem like a routine surgery to remove a patient’s gallbladder. But in fact that procedure wasn’t routine at all, because the patient was in France. That was the first successful long-distance robotic surgery, or telesurgery, ever performed, and since then the field has taken off. Though robotic surgery is not yet the industry standard, sales of medical robots are increasing by 20 percent each year, and by 2025 the Department of Defense wants to have deployable Trauma Pods that could allow surgeons to operate on soldiers from hundreds or thousands of miles away.

Though proponents of telesurgery have thoroughly discussed its benefits (there’s no delay due to travel time, for example, and surgery could be possible in remote locations like deep underwater or in outer space) there hasn’t been much exploration of its weaknesses. Researchers from the University of Washington decided to put the telesurgery technology to the test to see if they are susceptible to cyber attacks. According their study, the security of surgical robots leaves much to be desired.

By hacking the router that connected the doctor to the robot, researchers were able to change the commands so that the robot’s motions were jerky and erratic. They made the movements longer or shorter than the doctor intended, triggered an automatic stop mechanism that prevented the surgery from continuing, and eventually were able to take over the controls from the surgeon completely. They also found that the video connection that allowed the surgeon to see what she was operating on was publicly accessible.

Since surgery is so delicate and precise, any type of attack at a critical moment could be lethal for a patient. The researchers suggest a number of ways that telesurgery can be more secure, including encrypting data as it’s transferred from surgeon to robot, making the software more sensitive to errors and attempted data changes, and better monitoring of the network status before and during surgery. These changes wouldn’t make the robots immune to attacks, but would be a big step in the right direction. Having this conversation and putting security policies in place is essential before telesurgery becomes standard, the authors write, in order for the public to feel safe about having such a procedure.