Telesurgery: A New Frontier or Just Risky Business?

By Kathleen Kenney and Daniel Farris

Security experts at the University of Washington in Seattle recently set out to expose potential privacy and security vulnerabilities that exist in telesurgery. As first reported by MIT Technology Review, experts hacked a teleoperated surgical robot known as Raven II to examine the risks associated with the communication infrastructure involved in telesurgery.

Like many other robots, Raven II runs on a single PC running software based on open standards and communicates using the Interoperable Telesurgery Protocol. Security experts at the University of Washington experimented with three types of cyber attacks on Raven II. First, the team intercepted the commands sent to Raven II by misdirecting or removing them. Second, the team altered the commands slightly (e.g., by modifying the distance of certain movements). Third, the team took complete control over Raven II by hijacking the procedure. Each attack significantly affected Raven II, making the robot difficult, if not, impossible to control at times. In addition, the experiment shed light upon a significant privacy concern: the video connection was publicly available, thus, demonstrating that these operations could potentially be viewed by members of the public at large.

Despite the risks brought to surface by this experiment, there are also many benefits to using remotely operated surgical equipment, hence the rapid growth in telemedicine generally. It is not uncommon for surgeons to use open source or generally available software platforms when performing remote procedures. Traditionally, the security features of these systems and equipment have not been a high priority or fully developed. Prior to employing new technology, organizations must evaluate their cybersecurity capabilities and ensure adequate safeguards are in place to protect the confidentiality and integrity of the data. Privacy and data security issues are inevitable, but the organizations that proactively analyze the risks prior to implementing new technology, such as remotely operated surgical equipment, are the organizations that will come out ahead.